Remote harvester blocked by Windows Defender

I added a mini Windows 10 Pro PC to function as a harvester.
Everything is set correctly, as it pertains to Chia.

However, Windows Defender on my full node / farmer is blocking the connection from my harvester.

I discovered this based on “semaphore timeout period has expired” messages in the harvester’s debug log.

When I disable Windows Defender on my full node, the harvester connects. I see it in my full node’s GUI.

The instant I enable Windows Defender on my full node, the harvester disappears from my full node’s GUI.

I found where to set up a rule to allow anything on port 8447 to have access. Still, the problem remains.

I believe Defender is being overly protective, because I set up my full node box’s Ethernet port as a public network (which blocks more stuff than it would if set to a private network). So it is blocking my harvester.

I would rather not change the full node box to a private network (which will probably fix the problem), because I do not want other devices in the household to gain access to my Chia full node box.

Anyone know how I can get my harvester to connect to my full node through Defender’s firewall?
I searched for answers, but found none that worked. And I tried several times with a firewall rule, too.
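
Added example, not part of any post in this thread: a PowerShell check, run on the full node, of why an allow rule for port 8447 can still fail on a network set to Public, followed by one allow rule scoped to the harvester. The harvester address `10.0.0.20`, the full node address `10.0.0.10` and the rule name are constructed placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on the full node.
$HarvesterIp = '10.0.0.20'  # constructed placeholder: the harvester's back-end address
$FarmerPort  = '8447'       # port named in the post

# 1. Profile of each connection. A rule is ignored on a NIC whose profile it does not list.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Public-profile settings. AllowInboundRules = False means every allow rule
#    is ignored on Public networks ("block all incoming connections").
Get-NetFirewallProfile -Name Public |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules

# 3. Enabled inbound rules that name the port or a Chia executable, with the
#    profile, action and remote scope of each. Port ranges are not expanded.
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    if (($port.LocalPort -contains $FarmerPort) -or ($app.Program -like '*chia*')) {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Action  = $_.Action      # a matching Block rule wins over any Allow rule
            Profile = $_.Profile     # must include Public for a Public-profile NIC
            Port    = $port.LocalPort -join ','
            Remote  = $addr.RemoteAddress -join ','
            Program = $app.Program
        }
    }
} | Sort-Object Action, Name | Format-Table -AutoSize -Wrap

# 4. One narrowly scoped allow rule: TCP 8447, Public profile, harvester only.
New-NetFirewallRule -DisplayName 'Chia farmer 8447 from harvester (example)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $FarmerPort `
    -RemoteAddress $HarvesterIp -Profile Public

# 5. Verify from the harvester (replace the address with the full node's):
#    Test-NetConnection -ComputerName 10.0.0.10 -Port 8447
```

If step 3 lists a Block rule for a Chia executable on the Public profile, the rule from step 4 will not take effect until that Block rule is disabled or removed.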

I would try looking at your defender settings, and adding the program to the exceptions list so it is allowed.

This is how things are generally allowed past a firewall.

Before adding an exception, maybe look at your exclusions, maybe simply removing the exclusion will work.

What version of Windows do you have on both?

Still waiting on what version is on your farmer / full node…

If you do not ‘share’ any resources (drives, printers, etc., for example) on your full node, there will be no access to it for other PCs. And I’m assuming you have passwords on your PCs, which I would think you would, just not sure.

I’m sure your can opener and toaster won’t talk to your full node…


Full node:
Windows 10 Home.

Remote harvester:
Windows 10 Pro.

I do not know how to determine that value.

If it were the program that is running on the full node, then I can choose it.
But Defender is not allowing a program to enter that is coming from the remote farmer.

There are loads of entries already in the rules.
There are rules and rules and rules – and more rules – and lots of them are chia related.

Apparently, Chia puts them there – because I did not.
They have duplicate names. Perhaps each version of Chia adds rules for its specific path to its executables? I will have to click and click and click to reveal the specifics for each existing rule. But none of them include the name harvester.

I’ll be back later with a screen shot.

I do share a mount point, and that works. But Windows makes it easy to share a folder.

Yes, I have passwords.

@Bones Here is a screen capture of my full node’s inbound Defender rules:

The Chia related rules go on for another ½ page of more Chia related rules. It is more of the same, and unrelated to allowing a connection through from a harvester.

There are more rules after that. I never put one there, and I never installed any software other than Chia. So they are default Windows rules.

You were talking about getting rid of Windows Home many months ago.

It is still on my wish list.

When you install 1.6.1 this is the only thing that needs to be in that list

Take out the other crap, it’s old and slowing down your boat. Every time you install items, you have to do house cleaning after your backups.

Yes, I dragged the program tab over to the left to make it easier to read.

Ok, each location you choose to share on your node is shared separately, not the whole drive, unless you choose to share at the root. Therefore now I do not understand what the issue is? If you can’t access anywhere on your node except your mount point, you’re safe. Sharing has to be done manually at the node and where you want sharing to occur, not from any network connected PC.

Just a question. Why are you so concerned about others in your household accessing your PCs? Are you in a commune or shared housing? Do they all covet your crypto XCH coins?


Download MediaCreationTool21H2.exe from Microsoft and install it on your Windows 10 Pro box, then you can create a Windows 10 ISO file from Microsoft. Just use the same key and you’re cooking with gas.

At least in my house, we’re semi-tech literate, but a certain member of the household keeps downloading game cheat software and other nonsense - I don’t believe people that take shortcuts always have honest intentions (the hackers specifically, not my kid lol).


You don’t keep that person busy enough with yard work pulling weeds, so there would be less computer time :rofl: :rofl: :rofl:


No doubt, lol, the amount of hours spent ‘job larping’ in video games could have been spent moving actual materials outdoors.


@Fuzeguy Unless I am mistaken, I do not believe that my remote harvester issue is a file sharing issue. I believe that it is a networking protocol issue that Defender on my full node is blocking.

I thought that it might be an inbound rule that needs to be created. But I tried that, to no avail.

If I have a guest that connects to my ISP’s router, and that guest’s device has malware, then that guest is now on my local, trusted side of my network – which includes my Chia full node box.

Or, if I screw up and get a nasty something on my daily driver PC, then it will have access to my local network.

When it comes to my full node box, I am not taking any chances.

Plan B:

My full node box has two networks (three, if I count my now disabled WiFi).

  1. One is wired to my internet service provider’s modem.
  2. The other is wired to my other Chia boxes.

So of my Chia boxes, only my full node has a connection to the internet.
My other Chia boxes all connect to each other via a basic switch.

If I am unable to solve my harvester → full node firewall issue, then I will probably change #2 to a different class of private IP addresses. I am currently using Class “A” (ten dot) ranges.

My guess is that if I change my (#2) back-end Chia IP addresses to Class “C” (192.168…), and make that one a private network, then Defender will allow the harvester connection.

And any other devices will not see my 192 network.

I am basing my assumption that plan “B” will work on no one else having my issue. I am assuming that everyone else is using the “private” network option, and not the “public” network option?

So if I change my #2 to a private network, with a different private IP class range, then Defender will probably allow the harvester connection, and it will be on a network that is inaccessible to any devices connecting to my ISP’s modem.

I was making statements in the ensuing posts relative to: You would change to a private network setup as that is the normal procedure for in-home networks. Any telling you that that should work as you want.


Hold on there baba-louie. You stated before that you have a Comcast cable modem-router. You can have your network via LAN cable connection and WiFi 2.4/5 GHz, and you also have the ability to have a guest network that when connected has “NO ACCESS to your network”.

You have a guest network (wifi SSID GuestSey-Kre, pick a password)

Please read my last statement again. Problem solved. Where my TastyKake

I do not know how to do that.

Perhaps it is simple. But I would need to learn that simple procedure.