CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

9.3.8 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

Use this option to specify the size limit of the file in whichWindows Firewall will write its log information.

The recommended state for this setting is: 16,384 KB or greater .

Rationale:

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Logging:LogFileSize

Remediation:

To establish the recommended configuration via GP, set the following UI path to 16,384 KB or greater :

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Logging Customize\Size limit (KB)

Impact:

The log file size will be limited to the specified size, old events will be overwritten by newer ones when the limit is reached.

430 | P a g e