Share via

UWF does not function when Windows Firewall is enabled

BEN DENISOV 0 Reputation points
2026-02-01T13:54:42.4533333+00:00

Hello Microsoft Support Team,

I am encountering an issue with Unified Write Filter (UWF) on a Windows machine.

When UWF is enabled, it does not function properly if the local Windows Firewall is turned on. In this state, UWF appears to fail or behave unexpectedly. However, if I disable the local Windows Firewall, UWF immediately starts working as expected.

This behavior is consistently reproducible:

  • With Windows Firewall enabled → UWF does not work correctly

With Windows Firewall disabled → UWF works normally

This suggests there may be a conflict or dependency between UWF and the Windows Firewall service or its rules.

I would appreciate your assistance in understanding:

Whether this is a known issue or limitation

What firewall rules, services, or configurations are required for UWF to function correctly while the firewall remains enabled

Any recommended best practices for running UWF in environments where the Windows Firewall must stay active

Please let me know if you need logs, event viewer entries, or additional diagnostic information from my side.

Thank you for your support.

Best regards,

Windows for business | Windows for IoT

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VPHAN 30,935 Reputation points Independent Advisor
    2026-02-12T07:06:14.48+00:00

    Hello again BEN DENISOV,

    Just following up. Before applying any fixes, you need to validate the failure mode by checking the Microsoft-Windows-UnifiedWriteFilter/Operational event log for Event ID 1006 (Overlay Full) or any service termination errors; if the Firewall is logging aggressively to a protected volume, it will fill the RAM overlay and hang the system, which matches your description.

    To resolve the conflict correctly, you must ensure the Firewall service (SharedAccess) and the Antimalware service (Windows Defender) can write to disk without filtering. The advisor’s registry exclusions are a good start, but insufficient for a stable environment. You must also execute uwfmgr file add-exclusion "C:\Windows\System32\LogFiles\Firewall" to prevent the firewall logs from consuming the overlay. Furthermore, legitimate conflicts often arise from WdFilter (Defender) rather than the Firewall itself; ensure you also exclude the Defender platform path by running uwfmgr file add-exclusion "C:\ProgramData\Microsoft\Windows Defender". If the system still hangs after these exclusions, the issue is likely a driver altitude conflict between uwf.sys and a third-party security agent, requiring a kernel memory dump for further analysis.

    VP

  2. VPHAN 30,935 Reputation points Independent Advisor
    2026-02-01T17:01:22.3533333+00:00

    Hello BEN DENISOV

    To provide the exact remediation, I need you to clarify the failure state: when "UWF does not work," does uwfmgr get-config show the Filter State as OFF despite you enabling it? Or does the system simply hang/crash?

    While you gather that, I can provide the standard Best Practice configuration for this specific environment. In high-security Kiosk/IoT deployments, the Windows Firewall service (SharedAccess) requires persistent access to its policy registry keys to function correctly without colliding with the Write Filter. If these keys are not excluded, the Firewall service may fail to start or may inadvertently block the UWF service from initializing due to dependency timeouts.

    You should apply the following Registry Exclusions to ensure the Firewall service can write its state directly to disk, bypassing the overlay. This resolves the majority of "Firewall vs. UWF" conflicts. Open your elevated command prompt and execute:

    uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"

    uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter"

    After adding these exclusions, you must restart the machine (shutdown /r /t 0) for the registry filter to update. If your issue involves the system hanging or the overlay failing to engage, this registry passthrough is the required fix.

    I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

    VP

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.