Q: Changes to the rules by other programs

[falahati]

WindowsFirewallHelper caches the underlying COM object and since Windows Firewall COM API does no reflects updates fast enough you can, in theory, get a result that is outdated. How rarely this happens depends on the underlying Firewall API and therefore it might be hard to reproduce.

#32 might be used to detect such changes in the future.

Workaround
Since with version 2 of this library, it is possible to create multiple instances of any IFirewall implemented class, creating a new instance should, in theory, solve this problem by creating a new COM object.

Vista+:
var rules = new FirewallWAS().Rules.ToArray()

XP+:
var rules = new FirewallLegacy().Rules.ToArray()

Doing so leaves the COM object lifetime management to the user of the library.
There is no way to do this with version 1 of this library since these constructors are marked as internal.

Solution
Should add a new IFirewall.Refresh() or IFirewall.Reload() method to clear the COM cache of an instance. This is especially handy when using the FirewallManager class.

[falahati]

microsoft/AttackSurfaceAnalyzer#306 might also be related to this. Not sure tho.

[falahati]

IFirewall.Reload() added