Question
Tuesday, July 3, 2018 7:36 PM
Me
Windows 10 Pro in Workgroup
Windows 10 Version 1709 (OS Build 16299.431)
%systemroot%\system32\LogFiles\Firewall\pfirewall.log is missing
Have explicitly added the folder Firewall to %systemroot%\system32\LogFiles\
See pfirewall.log 0 bytes
Have copied log to another folder and still nothing.
How do we test Firewall blocking, presently have Public
Cannot stop service and start to recheck.
Can stop within the program wf.msc
All replies (7)
Thursday, July 5, 2018 8:16 AM ✅Answered
Hi,
This is correct log format.
So was your issue resolved?
If no, I suggest you update to the latest build Windows 10 1803 (OS build 17134.137). Then configure the Windows Defender Firewall with Advanced Security Log as below:
Configure the Windows Defender Firewall with Advanced Security Log
/en-us/windows/security/identity-protection/windows-firewall/configure-the-windows-firewall-log
Friday, July 6, 2018 8:27 PM ✅Answered
Went back in and enabled blocking on Public profile and went through wizard to point pfirewall.log
Now blocks and logs
Tuesday, July 3, 2018 9:27 PM
Firewall service cannot be stopped, it is part of the networking stack \ a security feature.
Firewall does not log blocked connections if there is nothing listening on that port. So you will need something listening on a blocked port to see the connection blocked.
Wednesday, July 4, 2018 7:46 PM
Did you not see?
%systemroot%\system32\LogFiles\Firewall\pfirewall.log is missing
What does this mean? It worked just fine before the recent updates. I could always look in %systemroot%\system32\LogFiles\Firewall\pfirewall.log and see the blocked ports.
Firewall does not log blocked connections if there is nothing listening on that port. So you will need something listening on a blocked port to see the connection blocked.
Wednesday, July 4, 2018 8:58 PM
The 'See pfirewall.log 0 bytes' suggests it exists and is zero bytes.
From an admin PowerShell prompt, what does the following show? (post the command and result in a reply)
Get-Content -Path C:\Windows\System32\LogFiles\Firewall\pfirewall.log
Wednesday, July 4, 2018 9:45 PM
PS C:\WINDOWS\system32> Get-Content -Path C:\Windows\System32\LogFiles\Firewall\pfirewall.log
PS C:\WINDOWS\system32>
Wednesday, July 4, 2018 9:58 PM
Went back in and enabled blocking on Public profile and went through wizard to point pfirewall.log
Now blocks and logs
PS C:\WINDOWS\system32> Get-Content -Path C:\Windows\System32\LogFiles\Firewall\pfirewall.log
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-07-04 14:54:43 ALLOW TCP 192.168.2.101 34.232.255.189 65082 80 0 - 0 0 0 - - - SEND
2018-07-04 14:54:43 ALLOW TCP 127.0.0.1 127.0.0.1 65083 14107 0 - 0 0 0 - - - SEND
2018-07-04 14:54:43 ALLOW TCP 127.0.0.1 127.0.0.1 65083 14107 0 - 0 0 0 - - - RECEIVE
2018-07-04 14:54:50 ALLOW TCP 73.220.189.99 192.168.2.101 56396 21 0 - 0 0 0 - - - RECEIVE
2018-07-04 14:54:50 DROP TCP 73.220.189.99 192.168.2.101 56397 65086 52 S 3349866772 0 65535 - - - RECEIVE
2018-07-04 14:54:53 ALLOW TCP 192.168.2.101 34.232.255.189 65087 80 0 - 0 0 0 - - - SEND
2018-07-04 14:54:53 DROP TCP 73.220.189.99 192.168.2.101 56397 65086 52 S 3349866772 0 65535 - - - RECEIVE
2018-07-04 14:54:59 DROP TCP 73.220.189.99 192.168.2.101 56397 65086 52 S 3349866772 0 65535 - - - RECEIVE
2018-07-04 14:55:01 ALLOW TCP 73.220.189.99 192.168.2.101 56403 21 0 - 0 0 0 - - - RECEIVE
2018-07-04 14:55:01 DROP TCP 73.220.189.99 192.168.2.101 56404 65088 52 S 1977515941 0 65535 - - - RECEIVE
2018-07-04 14:55:02 ALLOW UDP 192.168.2.103 192.168.2.255 138 138 0 - - - - - - - RECEIVE
2018-07-04 14:55:03 ALLOW TCP 192.168.2.101 34.232.255.189 65089 80 0 - 0 0 0 - - - SEND
2018-07-04 14:55:04 DROP TCP 73.220.189.99 192.168.2.101 56404 65088 52 S 1977515941 0 65535 - - - RECEIVE