5157(F): Windows Filtering Platform has blocked a connection

Have you ever encountered an error, Windows Filtering Platform has blocked a connection after a Windows upgrade? The error is accompanied by code 5157(F). It occurs due to an upgrade leading to the misrecognition of the Windows Firewall – when the Base Filtering Engine blocks some packets or connections. The problem may seem complicated to some users but its solution is simple enough to understand and execute.

What is a Windows Filtering Platform and, how does it help?

The Windows Filtering Platform is a collection of services and API (Application Programming Interface) that helps developers create network filtering applications. It was first introduced in Windows Vista and since then has been a part of Windows. It is used to build independent firewalls, antivirus, and network-related applications. An application can also modify access points as they are processed. The Windows Filtering Platform includes the following:

1. Base Filter Engine
2. Generic Filter Engine
3. Callout Modules

Fix Windows Filtering Platform has blocked a connection?

There are several ways to fix this issue. You can use any of the below-given methods. Some of the solutions are as follows:

1. Performing an SFC scan
2. Disabling the Windows Defender Firewall
3. Disabling the antivirus on your PC
4. Creating a new local account
5. Running the DISM tool

Let us look at these solutions in more detail.

1] Performing an SFC scan

Follow the next steps to perform a quick SFC scan.

1. Press Windows key + R to launch the Run Type wt in the field, press and hold the Ctrl + Shift keys, and click on Ok or press Enter to launch an elevated Windows Terminal.
2. Select Yes on the UAC (User Account Control)
3. Click on the download arrow and select Command Prompt from the resulting menu.

 

4. Type or paste the below-mentioned command and press Enter to run the SFC scan:

sfc/scannow

5. The System File Checker (SFC) is used to identify corrupt system files. In case it identifies any corrupted files, it replaces them with the cached copy that is stored on the system.
6. After the command is executed and the scan is complete, you can restart the PC and see if the problem is eliminated.

2] Disabling the Windows Defender Firewall

Follow the next steps to disable a firewall on your PC.

1. Click on Windows +S to launch the Search
2. Type Settings and open the app. In the File a setting box, type Windows Defender Firewall. Select the app from the search list that appears.

3. When the window of Windows Defender Firewall opens, click on the Advanced settings option from the left pane.

4. A new window of Windows Defender Firewall with Advanced Security opens. Click on Windows Defender Firewall Properties.

5. A window with Windows Defender Firewall properties opens. In the Domain Profile tab, go to Firewall state and select Off from the drop-down menu. Then click on Ok.

6. This will switch off the Windows Defender Firewall. Restart your PC.

Now check if the error, Windows Filtering Platform has blocked a connection problem is resolved.

3] Disabling the antivirus on your PC

Try resolving the error of 5157(F) by disabling the antivirus on your PC. Follow the next steps to perform this action:

1. Press Windows+S to launch the Search menu. Enter Windows Security in the text field at the top, and then click on the relevant search result.

2. When the Windows Security window opens, click on Virus & threat protection.

3. Go to Manage settings under the Virus & protection settings.
4. You can then click on the toggle button under the Real-time protection and disable the antivirus.
5. Click on Yes on the UAC (User Account Control) prompt.
6. Sometimes the antivirus is known to conflict with the network settings and result in errors. It can be the case with third-party antivirus but, sometimes, a built-in Windows Security can also cause the error.
7. If the error persists, you can uninstall the third-party antivirus app and see if it is resolved.

4] Creating a new local account

Sometimes the error also occurs because the user account is corrupted. In that case, you can create a new local user account on the Windows 11 PC. If you are confused about whether you should create a Microsoft account or a local one, you can choose the latter one since it is not connected to the servers and can be used independently on the device.

5] Running the DISM tool

You can try to run a DISM (Deployment Image Servicing and Management) tool to resolve the error of the Windows Filtering Platform that has blocked a connection. Follow the next steps.

1. Click on Windows+S to launch the Search menu. Type the Windows Terminal in the text field at the top. You can then right-click on the search result and choose Run as administrator from the context menu.

2. Select Yes on the UAC (User Account Control)
3. You can then click on the downward-facing arrow at the top and choose Command Prompt from the list of options. You can also use the shortcut Ctrl+Shift+2 to launch the Command Prompt in Windows Terminal.
4. Paste the below-mentioned command and click on Enter to execute it.

DISM/Online/Cleanup-image/Scanhealth

5. Execute this command.

Please note

Some of the solutions above, such as disabling the Windows Defender firewall or disabling the antivirus, remove the protection of your PC. These actions may pose a risk of virus attacks. Hence, use these solutions wisely. As soon as the error is resolved, restore the firewall and antivirus settings.

Do let us know in case of any suggestions.

What is Event ID 5157?

This event documents each time the Windows Filtering Platform allows a program to link to another process (on the same or a remote computer) on a TCP or UDP port.

How to turn off the Windows Filtering Platform?

You can disable it in the group policy. Go to configuration – policies – windows settings – security settings – advanced audit policy configuration.

What does it mean when we get the message “Windows Filtering Platform has allowed a connection”?

You may get the message that the Windows Filtering Platform has allowed a connection during the Microsoft Windows Security Auditing. This event is logged when Windows Filtering Platform or WFP allows a program to connect to another process on the same or a remote computer. It does this on a TCP or UDP port. The event ID for this message is 5156.