Scanning Windows Firewall on Remote Desktop session hosts is exceptionally slow
Symptoms
When you scan a Windows machine that is a Remote Desktop session host, you may find that scanning the Windows Firewall rules is exceptionally slow.
Cause
This can occur when the Remote Desktop session host is dynamically creating Windows Firewall rules for each logon and those rules are not subsequently deleted after logoff. The dynamically created rules can number in the tens of thousands.
Resolution
- Microsoft has provided update KB4467684 to address this issue:
https://support.microsoft.com/topic/november-27-2018-kb4467684-os-build-14393-2639-7eb61afe-e3de-b34d-0d30-a77670f355fe
Addresses an issue that slows server performance or causes the server to stop responding because of numerous Windows firewall rules.
To enable the changes, add a new registry key “DeleteUserAppContainersOnLogoff” (DWORD) on “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy” using Regedit, and set it to 1.
- or -
- Exclude the Windows Firewall rules optional component for the affected machines.
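
To check whether a session host matches the cause described above and to apply the registry setting from the first option, the following PowerShell script can be used. It is an added example, not code from Microsoft or from the original article. It assumes KB4467684 is already installed and that Windows stores each rule as one registry value under the two `FirewallRules` subkeys named in the script; the `$RuleThreshold` parameter is a hypothetical cut-off.

```powershell
#Requires -RunAsAdministrator
# Added example: report stored firewall-rule counts, then set the registry
# value described in the Resolution section if it is not already 1.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical threshold for "too many rules"; tune for your environment.
    [int]$RuleThreshold = 5000
)

$policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$valueName = 'DeleteUserAppContainersOnLogoff'

# Assumption: rules are stored as one registry value each under these subkeys.
$ruleKeys = @(
    "$policyKey\FirewallRules",
    "$policyKey\RestrictedServices\AppIso\FirewallRules"
)

# Counting registry values avoids enumerating every rule object,
# which is itself slow on an affected host.
$total = 0
foreach ($key in $ruleKeys) {
    if (Test-Path -LiteralPath $key) {
        $count = (Get-Item -LiteralPath $key).ValueCount
        Write-Output ("{0,8} rules in {1}" -f $count, $key)
        $total += $count
    }
}

# Read the current setting; $null means the value does not exist yet.
$current = (Get-ItemProperty -LiteralPath $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
$shown = if ($null -eq $current) { '<not set>' } else { $current }
Write-Output "Total stored rules: $total; $valueName = $shown"

if ($total -lt $RuleThreshold) {
    Write-Output "Rule count is below $RuleThreshold; this host does not look affected."
}

# Idempotent: only writes when the value is missing or not 1. Honors -WhatIf.
if ($current -ne 1 -and $PSCmdlet.ShouldProcess("$policyKey\$valueName", 'Set DWORD to 1')) {
    New-ItemProperty -LiteralPath $policyKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$valueName set to 1."
}
```

Save the block as a script and run it with `-WhatIf` to report the counts and current setting without changing the registry.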