So I already have a pretty good idea how to set up firewall rules programmatically using the INetFwPolicy2 and INetFwRule COM interfaces. However, how can I use the COM interop to set up a rule for a specific "Modern App"/"Metro App"/"Store App"?
If I use the Firewall MMC, I can go to:
rule -> Properties -> Programs and Services -> Application Packages
and allow/block specified packages there. But I have no idea how to do this in code. I have found the INetFwRule3 interface, which provides the LocalAppPackageId property, which is what I assume does all the magic. But the LocalAppPackageId contains an SID of the package rather than its name, like microsoft.windows.photos_8wekyb3d8bbwe for example. So how can I block the package I want when all I know is its name? I guess I have to get the SID, so how do I find that? Is the SID's scope local (unique per machine), or can I just hard-code the SID once I find it and not bother looking up the SID dynamically?
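
One way to approach this, as an added example that is not part of the original post: the Win32 function DeriveAppContainerSidFromAppContainerName (userenv.dll) turns a package family name into its AppContainer SID at run time, and the string form of that SID is what LocalAppPackageId takes. The rule name and the choice of an outbound block rule are assumptions made for illustration; the code assumes Windows 8 or later, an elevated process, and that the late-bound HNetCfg.FWRule object exposes the INetFwRule3 properties.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class StoreAppFirewall
{
    [DllImport("userenv.dll", CharSet = CharSet.Unicode)]
    static extern int DeriveAppContainerSidFromAppContainerName(string name, out IntPtr sid);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool ConvertSidToStringSid(IntPtr sid, out IntPtr stringSid);

    [DllImport("advapi32.dll")]
    static extern IntPtr FreeSid(IntPtr sid);

    [DllImport("kernel32.dll")]
    static extern IntPtr LocalFree(IntPtr mem);

    // Returns the string SID (S-1-15-2-...) for a package family name.
    public static string PackageSid(string packageFamilyName)
    {
        int hr = DeriveAppContainerSidFromAppContainerName(packageFamilyName, out IntPtr sid);
        Marshal.ThrowExceptionForHR(hr);
        try
        {
            if (!ConvertSidToStringSid(sid, out IntPtr str))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            try { return Marshal.PtrToStringUni(str); }
            finally { LocalFree(str); }
        }
        finally { FreeSid(sid); } // the derived SID must be released with FreeSid
    }

    static void Main()
    {
        string sid = PackageSid("microsoft.windows.photos_8wekyb3d8bbwe");
        Console.WriteLine(sid);

        // Late-bound COM, so no interop assembly is required.
        dynamic policy = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
        dynamic rule = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
        rule.Name = "Block Photos outbound (example)"; // hypothetical rule name
        rule.Direction = 2;            // NET_FW_RULE_DIR_OUT
        rule.Action = 0;               // NET_FW_ACTION_BLOCK
        rule.Enabled = true;
        rule.LocalAppPackageId = sid;  // INetFwRule3 property from the question
        policy.Rules.Add(rule);
    }
}
```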