Windows firewall logs on the endpoint.

Fish_Tacos · ‎Mar 03 2021

I was ran into an issue of the firewall blocking traffic but not reporting it in Microsoft Defender. When I went to turn on windows logging it was block by administrator. How to Track Firewall Activity with the Windows Firewall Log (howtogeek.com) I took a guess it was the firewall and disabled the rules. Where do I find this information when troubleshooting on the endpoint?

Heather Poulsen · ‎Mar 03 2021

Firewall events should be in the security event log if it has been turned on

Heather Poulsen · ‎Mar 03 2021

Try this: https://docs.microsoft.com/en-us/windows/win32/fwp/auditing-and-logging

Fish_Tacos · ‎Mar 03 2021

Local users don't have rights to view the security log.

Rick_Munck · ‎Mar 03 2021

@Fish_Tacos When you go into the Firewall Logging section are the logs enabled and is "Log dropped packets;" configured to yes?

Fish_Tacos · ‎Mar 03 2021

@Rick_Munck Shouldn't I get a pop up or alert when an application is blocked? See Screenshot.

Fish_Tacos · ‎Mar 03 2021

@Fish_Tacos you should but it also depends on the type of block and the app in question. You will need to look in the log I mentioned above to determine the block but by default it will not log dropped packets so you might have to step through it again to get it captured.

Windows firewall logs on the endpoint.

Windows firewall logs on the endpoint.

RE: Windows firewall logs on the endpoint.

RE: Windows firewall logs on the endpoint.

RE: Windows firewall logs on the endpoint.

Re: Windows firewall logs on the endpoint.

Re: Windows firewall logs on the endpoint.

Re: Windows firewall logs on the endpoint.

Products (65)

Special Topics (44)

Video Hub (444)

Most Active Hubs

Most Active Hubs

Video Hub

Windows firewall logs on the endpoint.