I am attempting to create a script that will turn off the firewall notifications in Windows 7. We are now using Symantec which is handling the software firewall on our windows machines, but Windows does not recognize it as being turned on, so I am getting a ton of reports of errors popping up. The resolution for this is to simply turn off firewall notifcations, since it is a false alarm.


I have googled the command from command line to do this, but none of them seem to work. I have tried:

netsh firewall set notifications mode = disable profile = allprofiles


netsh advfirewall firewall set notification mode = disable profile = all

Neither of these work, and these are the only commands I have been able to find. Has anyone else tried this or found a way to do this from the Kbox?

0 Comments   [ + ] Show Comments


Please log in to comment



We use a batch script that does it. The batch script is below. It has to be ran from an elevated command prompt.

@echo off


netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off 

netsh advfirewall set publicprofile state off

Answered 05/15/2013 by: WGM_Jeff
Fourth Degree Black Belt

  • you are disabling the firewall with these commands, he is trying to stop the notification from action center telling him the firewall is off even though symantec is installed
  • Its actually a registry edit to get rid of the alerts all together, which I have found, but I did not mark on here because Kace still cannot run the script correctly, or I am doing it wrong. If I ever get it to working I will update this thread.
    • post the reg edit you found as new question on how to get it to work as a kscript, there is a lot of talent on this site and you may get an answer.
  • Sorry, I didn't read that correctly. Can you export the reg file on a machine that you changed manually and then run that through KACE?
    • This content is currently hidden from public view.
      Reason: Removed by member request
      For more information, visit our FAQ's.
    • If it is the same way symantec says to do it you can under scripting - configuration policy - enforce registry settings.
      they say change this key and then copy it to the other machines
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101
  • Thank you, I will try that, but I wish that Symantec would address this rather than give instructions on how to hide it.
    • like the guy on symantec's sites said if the firewall does not work you will never know since you killed the notification engine.
      when you create the policy create a reg merge file and just remove the "Windows Registry Editor Version 5.00" line and paste the rest in the window.
  • I use the same 3 lines in my K2000 scripted installs at the begining so nothing is blocked durring the process. The opposite command gets run as the last item on postinstallations tasks so that the firewall is back on.
Please log in to comment

Action center is the likely cause and it get it's info thru wmi  Look into turning off action center or fixing the bug between action center and symantec.

Answered 05/09/2013 by: SMal.tmcc
Red Belt

  • Ive even talked with Symantec, the bug is within the Windows OS, "Its recommended that we simply disable notifications", I dont like the fix either, because by disabling them it fails to alert the user if the firewall is failing. I consider it a bad security risk, but compared to training my users to ignore alerts, its the lesser of the two evils.
Please log in to comment

 netsh firewall set notifications mode = disable profile = allprofiles

The syntax supplied for this command is not valid. Check help for the correct syntax.


set notifications

      [ mode = ] ENABLE|DISABLE

      [ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]


  Sets firewall notification configuration.




  mode - Notification mode.

      ENABLE  - Allow pop-up notifications from firewall.

      DISABLE - Do not allow pop-up notifications from firewall.


  profile - Configuration profile (optional).

      CURRENT  - Applies to the active profile.  Active profile can be domain,

                 standard (i.e. private), or public. (default).

      DOMAIN   - Applies to the domain profile.

      STANDARD - Applies to the standard (i.e. private) profile.

      ALL      - Applies to the domain and standard (i.e. private) profile.

                 Does not apply to the public profile.




      set notifications ENABLE

      set notifications mode=DISABLE

at VERY FIRST LOOK i see "profile = allprofiles" not being logical
and ...
netsh firewall set notifications mode = disable profile = all
Answered 08/20/2013 by: ttrash
White Belt

Please log in to comment
Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja