WithSecure Firewall blocking Hyper-V networks

Question

Hello,

I have a problem that appeared out of nowhere recently.

I have a Windows 11 Pro 25H2 workstation that I use as a lab. It has Hyper-V with 12 VMs, WSL with 2 Linux distributions, and Docker containers, all distributed across 6 VLANs: 3 internal, 2 NAT, and one bridged. It's not a random setup, but it has worked for years, since PSB and now with WithSecure Elements EDR and EPP for Computers Premium. With Windows 11 22H2, Microsoft introduced Hyper-V Firewall, and even so, my environment was normal until recently.

Lately, this setup only works if I disable WithSecure's firewall management. Therefore, when WithSecure manages the Windows Firewall, the rules are not reflected in Hyper-V Firewall, blocking the networks on the VMs, WSL, and Docker containers. Disabling the WithSecure firewall management fixes everything. I use "Shared Workstation" in my WithSecure profile.

Is there a solution to this problem without having to create rule by rule in the profile's firewall or directly in the Windows firewall?

Regards,

Paulo Mariano

Sethu Laks · Accepted Answer

Hi @paulomariano63

Thanks for the detailed description of your lab setup, that really helped clarify what’s going on.

From what we can see, this behaviour is tied to how Windows 11 handles firewalling when Hyper-V is involved, alongside how WithSecure Elements manages the Windows Firewall.

On newer Windows 11 versions (like 22H2 and 24H2), Microsoft added extra firewall layers specifically for Hyper-V and virtual networking. These layers handle traffic for things like:

* Hyper-V virtual machines (internal, NAT, external switches)
* WSL2 environments
* Docker containers using Hyper-V / HNS

WithSecure Elements EPP/EDR manages the standard Windows Defender Firewall, but it doesn’t automatically sync rules into the separate Hyper-V firewall layer. Because of that, you can end up in a situation where:

* Windows Firewall rules are correctly managed by WithSecure on the host
* but the Hyper-V / HNS firewall still blocks traffic between the host and virtual networks

That matches what you’re seeing: everything works when WithSecure firewall management is off, but gets restricted when it’s enabled (e.g. via the “Shared Workstation” profile).

Right now, there isn’t a built-in setting in WithSecure that keeps both firewall layers in sync. For lab or development machines, there are a couple of practical ways to handle this:

Option 1: Don’t use WithSecure to manage the firewall on this machine

* Keep WithSecure protection (malware protection, EDR, etc.) enabled
* Let Windows manage the firewall locally
* This is the simplest approach and works well for dedicated lab environments

Option 2: Keep WithSecure firewall management enabled and adjust Hyper-V/HNS settings

* Modify the Hyper-V firewall behaviour to allow required traffic
* This could mean relaxing rules for specific virtual switches or allowing broader lab network ranges
* Typically easier than trying to manage rules per VM/container

Best regards,

Sethu

Community Moderator | Technical Support Engineer
WithSecure™ European Cybersecurity for MSPs | WithSecure