When I was almost done writing How to unambiguously identify rules returned from INetFwRules? I realized that I was probably asking the wrong question, but I decided to post that one anyway because it still might be useful to someone else.
What prompted me to ask that question however was that I would like to identify firewall rules that are predefined / built-in / default, i.e. the ones that show that yellow banner saying "This is a predefined rule and some of its properties cannot be modified." when you call them up in the Windows Firewall UI. When I stumbled across HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules I thought I had found my solution only to then realize that the INetFw*-APIs I had been using so far offered me no way to unambiguously match those rules to what I already got. Also, relying on registry internals does not necessarily seem like a very good long-term strategy anyway...
So, is there an "official" (or at least a more sustainable) way to identify these predefined rules using any API (preferably INetFw* but not limited to it)?