LilP77
Copper Contributor
May 08, 2024

Defender Firewall rules - Event ID 2001

In my organization, we're moving away from the Trellix suite to MDE. All of my policies (DLP, AV, Exclusions, etc.) are working, but not the Firewall general settings nor the Firewall Rules. Defender portal indicates that the Firewall settings policy was successful, but the rules are not. Our workstations are hybrid-joined, but managed by SCCM/MDE. When I look at the Event Viewer for SENSE (channel Microsoft-Windows-SENSE/Operational) related events, I get an event ID 2001, and the info is: SenseCM: WRN: FW VA: no rule TESTING POLICY

The rule TESTING POLICY exists in my Defender portal, under Endpoint security policies, so it seems like my test workstation can see that policy, but it doesn't get applied, and also the Firewall settings don't get applied, as it doesn't appear to change the default block/allow for Outbound or Inbound for each of the Firewall profiles (Public, Private, Domain).

Any suggestion will be appreciated.

2 Replies

  • rahuljindal
    Bronze Contributor
    Since you mentioned hybrid, any chance the FW settings are coming from GPO?
    • LilP77
      Copper Contributor

      rahuljindal Good point. You gave me a good idea... I can't update the Group Policy from AD's side, but I will at least test with Local Group Policies.
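
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: it compares the Group Policy result set with the effective firewall state on the test workstation and shows which source delivered the active rules. It assumes an elevated PowerShell session and that the rule's display name on the device matches the name in the event text.

```powershell
# Added example: where do the effective firewall settings on this host come from?
$ruleName = 'TESTING POLICY'   # name taken from the event text in the question

# 1. Recent SenseCM warnings (event ID 2001) from the SENSE operational channel.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SENSE/Operational'; Id = 2001
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# 2. Per-profile defaults: Group Policy result (RSOP) next to the effective
#    state (ActiveStore), for the Domain, Private and Public profiles.
$stores = 'RSOP', 'ActiveStore'
$rows = foreach ($store in $stores) {
    Get-NetFirewallProfile -PolicyStore $store -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Store'; e = { $store } }, Name, Enabled,
                      DefaultInboundAction, DefaultOutboundAction
}
$rows | Sort-Object Name, Store | Format-Table -AutoSize

# 3. Count the rules currently in effect by the source that delivered them.
Get-NetFirewallRule -PolicyStore ActiveStore |
    Group-Object PolicyStoreSourceType |
    Select-Object Name, Count | Format-Table -AutoSize

# 4. Is the rule named in the warning present in the effective rule set?
$hit = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $ruleName `
    -ErrorAction SilentlyContinue
if ($hit) {
    $hit | Select-Object DisplayName, Enabled, Direction, Action,
                         PolicyStoreSource, PolicyStoreSourceType
} else {
    "No active rule with display name '$ruleName'"
}
```

If the RSOP rows in step 2 carry explicit values for the inbound or outbound default, a domain GPO is configuring the firewall profiles on this machine.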
