PrivacyWare PrivateFirewall and Windows HomeGroups

Why don’t HomeGroups work with PrivateFirewall? Here’s how to fix it.


 

Update (4/21/2013): This post has been updated to fix some more issues. The quick summary is this:

Open all TCP and UDP ports for SVCHost and System (System Services) from 137-65535 for the local network (low security).

Add all HomeGroup computers to the Trusted Networks/IP Addresses area. Check the firewall log for recent HomeGroup attempts.

However, not all issues are fixed. PrivateFirewall should be disabled (allow all connections) in order to set up a HomeGroup, and while network sharing works with PrivateFirewall on, HomeGroups have some difficulties under mixed Windows 7 and 8 networks.


 

PrivacyWare’s PrivateFirewall is a very good HIPS/Firewall combination. Unfortunately, there are a few issues that can appear from time to time, such as this one: with PrivateFirewall off, Windows HomeGroups work, but with the firewall on, HomeGroups are blocked. Here is how to fix it.

Allow the following ports for these two services:

svchost.exe

1. In/out TCP port 3587
2. In/out UDP port 3540

system

1. In TCP port 2869 (Windows Media Player networking)
2. In/out TCP ports 5357-5358

SVCHost should be fairly easy to spot, but System may be listed under the name System Services.

Ports can be adjusted on the PrivateFirewall > Main Menu > Applications page: right-click the application name, select Customize, then Add new rules.

Credits go to ITMan at WildersSecurity for this fix.

Update (4/21/2013): Some issues remain with local settings and ports. Here’s what I did to fix them:

Port fixes

Windows 7 (and 8) can use many more ports than what is described in the fix above, which can prevent HomeGroups from working correctly. Microsoft has a good document describing all the network/firewall interactions. There are quite a few individual ports, described by RaviShankar at McAfee Forums:

To find other computers running Windows Vista or Windows 7, open these ports:

UDP 3702, UDP 5355, TCP 5357, TCP 5358

To find network devices, open these ports:

UDP 1900, TCP 2869, UDP 3702, UDP 5355, TCP 5357, TCP 5358

To make HomeGroup work correctly between computers running Windows 7, open these ports:

UDP 137, UDP 138, TCP 139, TCP 445, UDP 1900, TCP 2869, UDP 3540, TCP 3587, UDP 3702, UDP 5355, TCP 5357, TCP 5358

The basic fix is to open all UDP and TCP ports in the range 137-5358 for System Services and SVCHost to the local network (low security checkbox). I also noticed that HomeGroups involving Windows 8 and 7 use very high-numbered ports as well, in the 55,000 range, so extending the range up to 65535 should open everything up. This is only advised if your local network is trusted. Do not, of course, open these ranges to the whole internet (high security checkbox). You can also open each port individually (check the firewall log for all the ports being used), but opening the range is easier.
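
The per-port alternative mentioned above can be planned from the firewall log. The following Python code is an added example, not part of the original post and not PrivateFirewall's own tooling: it sorts blocked entries into HomeGroup ports to allow for local peers, unlisted ports to review, and non-local sources that stay blocked. The log layout, the sample entries, and the `plan_rules` name are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# HomeGroup ports listed on this page (Windows 7 to Windows 7).
HOMEGROUP_PORTS = {
    "UDP": {137, 138, 1900, 3540, 3702, 5355},
    "TCP": {139, 445, 2869, 3587, 5357, 5358},
}

# Constructed sample entries: "action,protocol,remote_ip,local_port".
# This layout is an assumption, not PrivateFirewall's actual log format.
SAMPLE_LOG = """\
BLOCK,UDP,192.168.1.20,3702
BLOCK,TCP,192.168.1.20,445
BLOCK,UDP,fe80::1c2d:3e4f:5a6b:7c8d,5355
BLOCK,TCP,192.168.1.21,55123
BLOCK,TCP,203.0.113.9,445
ALLOW,TCP,192.168.1.20,5357
"""

def plan_rules(log_text, local_nets):
    """Sort blocked entries into rules to add, ports to review, and refusals."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    plan = {"allow": defaultdict(set), "review": set(), "refuse": set()}
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4 or fields[0] != "BLOCK":
            continue  # only blocked traffic needs a decision
        _, proto, remote, port = fields
        try:
            addr, port = ipaddress.ip_address(remote), int(port)
        except ValueError:
            continue  # malformed entry, skip it
        if not any(addr.version == n.version and addr in n for n in nets):
            plan["refuse"].add((proto, str(addr), port))  # not local: keep blocked
        elif port in HOMEGROUP_PORTS.get(proto, set()):
            plan["allow"][proto].add(port)  # listed HomeGroup port, local peer
        else:
            plan["review"].add((proto, str(addr), port))  # e.g. 55,000-range ports
    return plan

if __name__ == "__main__":
    result = plan_rules(SAMPLE_LOG, ["192.168.1.0/24", "fe80::/10"])
    for proto, ports in sorted(result["allow"].items()):
        print(f"allow {proto} {sorted(ports)} from local network only")
    print("review:", sorted(result["review"]))
    print("refuse:", sorted(result["refuse"]))
```

Entries in the review set are the ones the wide 137-65535 range would silently cover, so they show what that range is actually being used for on your network.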

Trust fixes

PrivateFirewall also relies on trusted networks and computers to make the low security settings work. Open up the PrivateFirewall Main Menu and check the Trusted Sites/IP Addresses area to make sure that your network and all computers are in there. If not, an easy way to add these computers is to try to access the HomeGroup on one computer, check the firewall log, click on an entry (the recently generated UDP or ICMPv6 Neighborhood Solicitation traffic), and select Trust Remote. Alternatively, go to the router’s configuration screens to pull up a list of all local clients and IP addresses.