Configure the Windows Firewall for MediaShout Remote

Update September 12, 2018 This article has been re-written based on a (hopefully) better understanding of how MediaShout interacts with the Windows Firewall.

MediaShout offers instructions here for setting up MediaShout to allow remote control from their iOS app. There are some additional technical details here. Unfortunately, there is a situation where Windows may create firewall rules that block MediaShout, preventing all network access to the program, including for remote control.

After installing MediaShout, when you first enable Remote access (thus asking it to open ports for listening), Windows will detect the open ports and ask if you want to allow access through the firewall:

MediaShout firewall 01

MediaShout firewall 02

If you click Allow access, Windows will attempt to create Allow rules in the firewall that allow MediaShout to receive on any TCP and UDP ports.

However, only administrators can change firewall rules. If you do not have administrative rights, you will be asked to provide them:

MediaShout firewall 03

If you do not have an administrator’s username and password, your only option is to go back to the firewall dialog and click Cancel. This explicitly creates Block rules in the firewall that will prevent MediaShout from receiving any network traffic. After this, Windows will no longer prompt you about allowing the app through the firewall, so the Remote app will be locked out until you manually correct the firewall rules.

Allow MediaShout in the Firewall After It Has Been Blocked

If Windows created Block rules, follow these steps to change them to Allow rules so you can use the Remote app.

1. Log on to the computer as an administrator.

2. Open Windows Defender Firewall and click on Advanced Settings. In the list of Inbound rules, click on the Name header to sort the list by rule name. Scroll down until you see the two MediaShout rules with the red circles next to them:

MediaShout firewall 04

3. Open each MediaShout rule and change it from Block to Allow:

MediaShout firewall 05

4. The rules now appear with green check marks and the word “Allow”:

MediaShout firewall 06

You should now be able to connect to MediaShout with the Remote app.

Note Another option is to create explicit rules for the ports needed by MediaShout. If you choose to do this, you must disable the Block rules. Otherwise, the Block rules will take precedence over the Allow rules and the Remote app will not be able to access MediaShout.

Future Suggestion

Best security practices do not grant administrative privileges to end users and programs should not assume that users are admins. Yes, it’s inconvenient to work without admin privileges, but it also prevents users from accidentally allowing viruses to run, for example. Of course, admin privileges are required and expected to install and configure programs. In this case, it would be preferable if MediaShout acquired elevated privileges before enabling the Remote Server. If elevation is not available, don’t enable the server, which will prevent Windows from creating the Block rules. Another alternative might be to create explicit Allow rules during installation, possibly circumventing this issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.