STATUS_FWP_INVALID_PARAMETER 0XC0220035 Fix

This Error Means Your Firewall Rule Is Broken

You're seeing STATUS_FWP_INVALID_PARAMETER (0XC0220035) because Windows Filtering Platform (WFP) can't parse a firewall rule or filter. Something in the rule data is wrong — maybe a corrupted entry from a failed update, a third-party antivirus that left a mess, or a manual edit that went sideways. The error pops up when you try to open a network connection like sharing a folder, running a VPN, or launching certain apps. It's not a hardware problem. It's a configuration problem. And you can fix it without reinstalling Windows.

The Quick Fix: Reset Windows Firewall

This is the step that works in 9 out of 10 cases. It clears all custom firewall rules and resets the service to defaults. You'll lose any rules you added manually, but you won't lose your network settings or internet connection.

Press Windows Key + X and select Windows Terminal (Admin) or Command Prompt (Admin).
If you see a User Account Control prompt, click Yes.
Type this command and press Enter:
```
netsh advfirewall reset
```
Expected outcome: You should see the message "Ok." That means the command ran successfully.
Now restart your computer. Don't skip this — the changes won't take effect until the firewall service restarts fully.
After the restart, test whatever was giving you the error. For most people, the error is gone at this point.

Why this works: The netsh advfirewall reset command deletes all custom firewall rules and resets the policy store to its factory state. If a bad rule had an invalid parameter like a malformed IP address or a missing port number, it's gone. The firewall service then uses only the default rules, which are known good.

If the Reset Doesn't Stick

Sometimes the reset runs fine, but the error comes back after a few minutes or after another restart. That means something is re-creating the bad rule. Usually it's a third-party security suite or a VPN client that's corrupting the rule store on every boot.

Step 1: Boot into Clean Mode

We need to see if a third-party service is the culprit. Here's how:

Press Windows Key + R, type msconfig, and press Enter.
Go to the Services tab.
Check Hide all Microsoft services at the bottom left.
Click Disable all.
Go to the Startup tab and click Open Task Manager. Disable everything listed there.
Click OK in System Configuration and restart.

Expected outcome: Your PC starts with only Microsoft services. If the error doesn't appear anymore, you know a third-party app is causing it. Re-enable services one by one to find the offender. I usually start with the antivirus — that's the most common source of corrupted firewall rules.

Step 2: Use the Windows Filtering Platform Diagnostic Tool

If clean boot doesn't help, the problem might be deeper. Microsoft provides a tool called wfpdiagnostics (part of the Windows Performance Toolkit) that can scan WFP for corrupt filters. You'll need to install the Windows SDK, which is a big download. I only recommend this for advanced users who are comfortable with command-line tools.

Less Common Variations of the Same Issue

These are rarer but worth checking if the reset didn't work:

Corrupted Windows Security Service

The Windows Security Center service can sometimes get into a state where it can't communicate with the firewall. You'll know this is the case if you also see "Security Center service has stopped working" errors in Event Viewer. To fix it:

Press Windows Key + R, type services.msc, and press Enter.
Find Security Center in the list.
Right-click it and select Properties.
Set the startup type to Automatic (if it's not already).
Click Start to start the service.
Right-click Windows Firewall service and do the same — set to Automatic and start it.

Expected outcome: Both services show "Running" status. Try your network operation again.

Group Policy Blocks Custom Rules

If you're on a work or school computer, the IT department might have pushed a Group Policy that prevents local firewall rules from being applied. The reset might not work because policy overrides it. You can check this by running rsop.msc (Resultant Set of Policy) and looking under Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security. If you see policies in place, you'll need to contact your IT admin — you can't override them locally.

Corrupted System Files Masked as Firewall Problem

Sometimes the real issue is a damaged system file that happens to affect the firewall. Run this to check:

sfc /scannow

If it finds corrupt files but can't fix them, run:

DISM /Online /Cleanup-Image /RestoreHealth

Expected outcome: DISM might take 15-20 minutes. After it finishes, restart and try the netsh reset again. I've seen this fix stubborn cases where nothing else worked.

Prevention: Keep Your Firewall Healthy

Once you've fixed the error, here's how to stop it from coming back:

Stick with one security suite. Don't install multiple antivirus or firewall tools. They fight over the WFP driver and corrupt each other's rules. Pick one and uninstall the rest using their official removal tools.
Uninstall VPNs properly. When you remove a VPN client, use its dedicated uninstaller, not just the Apps & Features page. Many VPNs leave behind WFP filters that go stale. Run netsh wfp show filters after uninstalling to see if orphaned filters remain.
Don't manually edit firewall rules unless you know what you're doing. One typo in an IP address or port range can break the rule store. If you need a custom rule, use the GUI (wf.msc) instead of the command line — it validates the input before saving.
Keep Windows updated. Microsoft has fixed several WFP bugs in cumulative updates for Windows 10 and 11. If you're running an old build, update it. Check under Settings > Windows Update.

That's it. You should be back online now. If the error comes back after a week, it's almost certainly a third-party app re-creating the bad rule. Go back to the clean boot test and be thorough about disabling services.