What .exe was blocked in Windows Firewall?

By default Windows does not log what executable is being blocked by Windows Firewall. In order to log what executable is being blocked run the following command as an administrator:

auditpol /set /subcategory:"{0CCE9226-69AE-11D9-BED3-505054503030}" /success:disable /failure:enable

Open event viewer and navigate to Windows logs -> Security

From right side panel click Filter log -> Keywords -> Select “Audit Failure

You should now see the specific executable that is being blocked by Windows Firewall and you can add the appropriate rules to allow it.

Source:

https://serverfault.com/questions/316428/does-windows-firewall-have-the-ability-to-log-which-exe-is-blocked

Leave a Reply

Up Next:

Get notified about duplicate host names in SCCM

Get notified about duplicate host names in SCCM