Overview
This article provides useful information regarding the function of 'Check Microsoft Firewall Status' audit.
Information
This audit checks the existence and value of the following registry keys on the event source:
- HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewal
- HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall
These keys are being created and set to the value 1 when the following policies of the Group Policy Object are applied to a computer:
- Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall
- For both subkeys (domain and standard policy): Windows Firewall: Protect all network connections.
If GFI EventsManager successfully finds these keys being set to 1, the audit will consider the firewall as being enabled.