cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Windows firewall logs on the endpoint.

Fish_Tacos
Brass Contributor

‎Mar 03 2021 08:29 AM

‎Mar 03 2021 08:29 AM

Windows firewall logs on the endpoint.

I was ran into an issue of the firewall blocking traffic but not reporting it in Microsoft Defender. When I went to turn on windows logging it was block by administrator. How to Track Firewall Activity with the Windows Firewall Log (howtogeek.com) I took a guess it was the firewall and disabled the rules. Where do I find this information when troubleshooting on the endpoint? 

2,091 Views
1 Like
6 Replies
Reply
6 Replies
Heather Poulsen

‎Mar 03 2021 08:55 AM

‎Mar 03 2021 08:55 AM

RE: Windows firewall logs on the endpoint.

Firewall events should be in the security event log if it has been turned on
0 Likes
Reply
Fish_Tacos

‎Mar 03 2021 09:01 AM

‎Mar 03 2021 09:01 AM

RE: Windows firewall logs on the endpoint.

Local users don't have rights to view the security log.
0 Likes
Reply
Rick_Munck

‎Mar 03 2021 09:02 AM

‎Mar 03 2021 09:02 AM

Re: Windows firewall logs on the endpoint.

@Fish_Tacos When you go into the Firewall Logging section are the logs enabled and is "Log dropped packets;" configured to yes?

Rick_Munck_0-1614790932128.png

 

0 Likes
Reply
Fish_Tacos

‎Mar 03 2021 09:10 AM

‎Mar 03 2021 09:10 AM

Re: Windows firewall logs on the endpoint.

@Rick_Munck Shouldn't I get a pop up or alert when an application is blocked? See Screenshot. 


Preview file
69 KB
0 Likes
Reply
best response confirmed by Fish_Tacos (Brass Contributor)
Rick_Munck

‎Mar 03 2021 09:20 AM

‎Mar 03 2021 09:20 AM

Solution

Re: Windows firewall logs on the endpoint.

@Fish_Tacos you should but it also depends on the type of block and the app in question.  You will need to look in the log I mentioned above to determine the block but by default it will not log dropped packets so you might have to step through it again to get it captured.

2 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Fish_Tacos (Brass Contributor)
Rick_Munck

‎Mar 03 2021 09:20 AM

‎Mar 03 2021 09:20 AM

Solution

Re: Windows firewall logs on the endpoint.

@Fish_Tacos you should but it also depends on the type of block and the app in question.  You will need to look in the log I mentioned above to determine the block but by default it will not log dropped packets so you might have to step through it again to get it captured.

View solution in original post

2 Likes
Reply