Forum Discussion

Vinod7
Brass Contributor
Oct 05, 2023

Windows MDE - Network Protection

We are seeing weird behavior. When we enable the Network Protection block mode setting in the Defender policy, the local Wi-Fi printers show as offline while connected to VPN. Once we enable it in audit mode, everything starts working. Also, we could not find any event logs that say it is being blocked; event IDs 1125 or 1126 are not in the logs. Running advanced hunting also does not come up with anything, so we are not sure what else we can do. Running on Windows 10 21H2 devices.

1 Reply

  • LeonPavesic
    Silver Contributor

    Hi Vinod7,

    It sounds like the Network Protection block mode in Microsoft Defender for Endpoint is blocking the traffic to your local Wi-Fi printers when you are connected to a VPN. This is a strange behavior, as you should not see any event logs for this event.

    Here are a few things you can try:

    1. Make sure that the local Wi-Fi printers are excluded from Network Protection. You can do this by adding the IP addresses of the printers to the bypass list. To do this, open the Microsoft Defender Security Center and go to Device security > Firewall & network protection > Advanced settings. Under Windows Defender Firewall with Advanced Security, click Inbound Rules. In the right-hand pane, click New Rule. In the New Inbound Rule Wizard, select Custom and click Next. In the Protocol and Ports window, select TCP and enter the port number that your printers use. In the Scope window, select Specific IP addresses and enter the IP addresses of your printers. Click Next to proceed through the wizard.
    2. Disable Network Protection block mode and see if that resolves the issue. If it does, then you can try to enable it again and see if the issue returns.


    To enable Network Protection audit mode, open the Microsoft Defender Security Center and go to Device security > Firewall & network protection > Advanced settings. Under Windows Defender Firewall with Advanced Security, click Inbound Rules. In the right-hand pane, double-click the Network Protection rule. In the Properties window, click the General tab. Under Action, select Audit and click OK.


    Once you have enabled Network Protection audit mode, try to print to your local Wi-Fi printers again. You should see event logs for any applications or processes that are being blocked by Network Protection.

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it a Like.


    Kindest regards,


    Leon Pavesic
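A set of local checks to go with the thread above, added here as an example and not part of either post: it reads the configured Network Protection mode from Get-MpPreference, pulls Defender events 1125/1126 (plus 5007 configuration changes) for the last week, and prints the advanced hunting query that covers the same events. It assumes an elevated PowerShell session on the affected Windows 10 device; the 7-day window is an arbitrary choice.

```powershell
# Added example (not from the original thread): confirm how Network Protection is
# actually configured on the endpoint and whether it has logged any audit/block
# events, so a "printer offline" symptom can be tied to it or ruled out.
# Assumes an elevated PowerShell session on the affected Windows 10 device.

# 1. Configured Network Protection mode from the Defender preferences.
#    0 = Disabled, 1 = Enabled (block mode), 2 = AuditMode.
$modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }
$pref = Get-MpPreference
$mode = [int]$pref.EnableNetworkProtection
"Network Protection mode: $mode ($($modeNames[$mode]))"

# 2. Network Protection events from the Defender operational log.
#    1125 = audit-mode hit, 1126 = block-mode hit,
#    5007 = Defender configuration change (confirms the policy really switched modes).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126, 5007
    StartTime = (Get-Date).AddDays(-7)   # arbitrary 7-day window
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    "No Network Protection (1125/1126) or config-change (5007) events in the last 7 days."
} else {
    $events |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize
}

# 3. The matching advanced hunting query for the Defender portal (run it there,
#    not on the device); it lists the same audit/block events across all devices.
$kql = @'
DeviceEvents
| where Timestamp > ago(7d)
| where ActionType in ("ExploitGuardNetworkProtectionAudited",
                       "ExploitGuardNetworkProtectionBlocked")
| project Timestamp, DeviceName, ActionType, RemoteUrl, RemoteIP, InitiatingProcessFileName
'@
"`nAdvanced hunting query:`n$kql"
```

If the mode reads 1 but no 1126 event appears while the printers are unreachable, Network Protection has not logged a block for that traffic, and the VPN or printer discovery path should be examined next.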