Team: Huntress EDR
Product: Firewall Status
Environment: Windows Defender Firewall
Summary: Huntress reports the status of Windows Defender Firewall.
Huntress’ Firewall status allows the ability to view the status of Windows Defender Firewall on the protected Endpoints. The host is reviewed by our system for the Windows Firewall Profiles to ensure they are all enabled.
More information about Windows Firewall Profiles here: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ics/windows-firewall-profiles
Enabling and Managing Windows Defender Firewall
Microsoft's Defender Firewall should be enabled by default, however if not you'll want to re-enable it and the best place to start is with these external links from Microsoft (in order of increasing complexity)
- Enable the firewall on a specific host: https://learn.microsoft.com/en-us/mem/intune/user-help/you-need-to-enable-defender-firewall-windows
- Best practices for configuring Windows Defender Firewall: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring
- Enable the firewall via PowerShell commands: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell#enable-windows-defender-firewall-with-advanced-security Please note it's generally not a good idea to run these particular commands programmatically across your entire account as it could accidentally block key services or disrupt server communications. Instead we recommend running those commands on a case by case basis. For reference those PowerShell commands are:
netsh advfirewall set allprofiles state on
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
You can then verify the setting has applied with this PowerShell command:
Get-NetFirewallProfile | Select Name, Enabled
Although Huntress is able to view the status of the firewall, support in enabling the firewall is limited. Please reach out to Microsoft support or review the articles above if there are any issues enabling the firewall properly.