CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

The recommended state for this setting is: %SystemRoot%\System32\logfiles\firewall\publicfw.log .

Rationale:

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Logging:LogFilePath

Remediation:

To establish the recommended configuration via GP, set the following UI path to %SystemRoot%\System32\logfiles\firewall\publicfw.log :

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Logging Customize\Name

Impact:

The log file will be stored in the specified file.

Default Value:

%SystemRoot%\System32\logfiles\firewall\pfirewall.log

428 | P a g e