Kaseya Community

Monitor changes made to software firewall

  • Greetings, community! Hope everyone is well!!

    Here's my end goal: I want to monitor 2 events: If the network type changes (From work/home to public and reverse as well.) I also want to be able to monitor if any changes are made to the software firewall. Entries being added, or the firewall being disabled. We have recently ran into some issues on a server where the network location changed, and it broke RDP from within their local network.

    Please help!!


  • Try using a script that runs "netsh advfirewall show currentprofile" and stores the result. if result <> domain or work or whatever you want, set off an alarm or whatever you need to do.

    You can also query the firewall via WMI, the registry or powershell. lots of ways to manage this.

    Finally, there is a hotfix for server 2008R2 that fixes it choosing the wrong profile. you might just need that. support.microsoft.com/.../2524478