Team: Huntress EDR
Product: Firewall Status
Environment: Windows Defender Firewall
Summary: Huntress reports the status of Windows Defender Firewall.
Huntress’ Firewall Status feature lets you view the status of Windows Defender Firewall on protected endpoints. Our system reviews each host's Windows Firewall Profiles to ensure they are all enabled.
More information about Windows Firewall Profiles here: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ics/windows-firewall-profiles
Firewall Status and Group Policy
Huntress looks at the host's local policy when determining the status of the Firewall. If there is a Group Policy in place to manage the firewall, we would not be able to report on the host's firewall status, as domain and universal GPOs take precedence over local policy.
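The local-versus-GPO distinction described above can be checked on a single host with this read-only PowerShell function. It is an added example, not Huntress code: the function name Get-FirewallProfileSource is hypothetical, and it assumes that "local policy" corresponds to the PersistentStore policy store and that the session is elevated.

```powershell
# Added example: read-only comparison of firewall profile state per policy store.
# Assumption: "local policy" corresponds to the PersistentStore policy store.
# Get-FirewallProfileSource is a hypothetical helper name, not a built-in cmdlet.
function Get-FirewallProfileSource {
    [CmdletBinding()]
    param()

    # Local (non-GPO) settings, GPO-delivered settings, and the effective result.
    $local     = Get-NetFirewallProfile -PolicyStore PersistentStore
    $gpo       = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue
    $effective = Get-NetFirewallProfile -PolicyStore ActiveStore

    foreach ($name in 'Domain', 'Private', 'Public') {
        $l = ($local     | Where-Object Name -eq $name).Enabled
        $g = ($gpo       | Where-Object Name -eq $name).Enabled
        $e = ($effective | Where-Object Name -eq $name).Enabled

        # A GPO value other than NotConfigured overrides the local setting.
        $gpoManaged = ($null -ne $g) -and ("$g" -ne 'NotConfigured')

        [pscustomobject]@{
            Profile       = $name
            LocalPolicy   = "$l"
            GroupPolicy   = if ($null -eq $g) { 'Unavailable' } else { "$g" }
            Effective     = "$e"
            GpoManaged    = $gpoManaged
            # True when the local setting does not describe what is enforced.
            LocalMismatch = ("$l" -ne "$e")
        }
    }
}

Get-FirewallProfileSource | Format-Table -AutoSize
```

A row with GpoManaged set to True is a profile where a status derived from local policy alone may not match what the host actually enforces.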
Enabling and Managing Windows Defender Firewall
Microsoft's Defender Firewall should be enabled by default. If it is not, you'll want to re-enable it, and the best place to start is with these external links from Microsoft (in order of increasing complexity):
- Enable the firewall on a specific host: https://learn.microsoft.com/en-us/mem/intune/user-help/you-need-to-enable-defender-firewall-windows
- Best practices for configuring Windows Defender Firewall: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring
- Enable the firewall via PowerShell commands: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell#enable-windows-defender-firewall-with-advanced-security
Please note that it's generally not a good idea to run these particular netsh (CMD or PoSh) or PowerShell commands programmatically across your entire account, as doing so could accidentally block key services or disrupt server communications. Instead, we recommend running those commands on a case-by-case basis. For reference, those commands are:
netsh advfirewall set allprofiles state on
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Although Huntress is able to view the status of the firewall, our support for enabling the firewall is limited. Please reach out to Microsoft support or review the articles above if there are any issues enabling the firewall properly.