Windows firewall logs on the endpoint.

Occasional Contributor

I was ran into an issue of the firewall blocking traffic but not reporting it in Microsoft Defender. When I went to turn on windows logging it was block by administrator. How to Track Firewall Activity with the Windows Firewall Log ( I took a guess it was the firewall and disabled the rules. Where do I find this information when troubleshooting on the endpoint? 

6 Replies
Firewall events should be in the security event log if it has been turned on
Local users don't have rights to view the security log.

@Fish_Tacos When you go into the Firewall Logging section are the logs enabled and is "Log dropped packets;" configured to yes?



@Rick_Munck Shouldn't I get a pop up or alert when an application is blocked? See Screenshot. 

best response confirmed by Fish_Tacos (Occasional Contributor)

@Fish_Tacos you should but it also depends on the type of block and the app in question.  You will need to look in the log I mentioned above to determine the block but by default it will not log dropped packets so you might have to step through it again to get it captured.