
Capture and convert Windows Defender Firewall log to allow rules


Is there a way to capture the Windows firewall traffic (TCP/UDP, ports, IPs) for some time and then convert it to allowed firewall rules on Windows systems?

It would make sense in my opinion to capture the traffic for like a week while allowing both incoming and outgoing. Then let the main programs use their ports and capture the traffic into the firewall log. Then create allow rules from the log file. That way, when all functions were used, you can make sure that all necessary ports are used and you can block the rest per global setting.

I think it may be possible to use a script which reads the log (which the firewall creates when enabled) and creates a (PowerShell) one-liner per rule out of it. Or is there a simpler function?

Of course there is a manual need to examine the rules and perhaps disable some again.

Thanks in advance! Maybe this also helps others...
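One way to script the conversion described in the question, as an added example that is not part of the original post: it reads the column names from the log's `#Fields:` header, keeps TCP/UDP `ALLOW` entries, and prints one `New-NetFirewallRule` one-liner per direction, protocol and port for manual review. It assumes the log records allowed connections and has a `path` column (`SEND`/`RECEIVE`); the function name, the `-IncludeRemoteAddress` switch and the sample log are constructed for illustration.

```powershell
# Added example: build New-NetFirewallRule one-liners from ALLOW entries of a
# Windows Defender Firewall log. It only emits text for review; nothing is applied.
function ConvertTo-AllowRuleCommand {
    param([string[]]$LogLine, [switch]$IncludeRemoteAddress)  # hypothetical names
    $fields = @()
    $rules  = [ordered]@{}                       # "Direction/Protocol/Port" -> rule data
    foreach ($line in $LogLine) {
        if ($line -match '^#Fields:\s*(.+)$') {  # column names come from the log header
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if (($line -match '^\s*(#|$)') -or ($fields.Count -eq 0)) { continue }
        $values = $line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }      # truncated entry
        $e = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $e[$fields[$i]] = $values[$i] }
        if ($e['action'] -ne 'ALLOW' -or $e['protocol'] -notin 'TCP', 'UDP') { continue }
        if ($e['dst-port'] -notmatch '^\d+$') { continue }
        if     ($e['path'] -eq 'SEND')    { $dir = 'Outbound'; $portArg = '-RemotePort'; $remote = $e['dst-ip'] }
        elseif ($e['path'] -eq 'RECEIVE') { $dir = 'Inbound';  $portArg = '-LocalPort';  $remote = $e['src-ip'] }
        else   { continue }                      # no direction recorded: cannot build a rule
        $proto = $e['protocol'].ToUpper()
        $key   = '{0}/{1}/{2}' -f $dir, $proto, $e['dst-port']
        if (-not $rules.Contains($key)) {
            $rules[$key] = @{ Dir = $dir; Proto = $proto; PortArg = $portArg; Port = $e['dst-port']
                              Remote = [System.Collections.Generic.HashSet[string]]::new() }
        }
        [void]$rules[$key].Remote.Add($remote)   # remember every peer seen for this port
    }
    foreach ($key in $rules.Keys) {
        $r   = $rules[$key]
        $cmd = "New-NetFirewallRule -DisplayName 'FromLog $key' -Direction $($r.Dir) -Action Allow " +
               "-Protocol $($r.Proto) $($r.PortArg) $($r.Port)"
        if ($IncludeRemoteAddress) { $cmd += ' -RemoteAddress ' + (($r.Remote | Sort-Object) -join ',') }
        $cmd                                     # emitted as text, to be reviewed before running
    }
}

# Constructed sample log (documentation-range addresses), not taken from a real host.
$sample = @'
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-08 09:00:01 ALLOW TCP 192.0.2.10 198.51.100.5 50123 443 0 - 0 0 0 - - - SEND
2024-01-08 09:00:02 ALLOW TCP 192.0.2.20 192.0.2.10 50999 3389 0 - 0 0 0 - - - RECEIVE
2024-01-08 09:00:03 DROP UDP 192.0.2.30 192.0.2.10 137 137 78 - - - - - - - RECEIVE
2024-01-08 09:00:04 ALLOW TCP 192.0.2.10 198.51.100.9 50124 443 0 - 0 0 0 - - - SEND
'@ -split '\r?\n'
ConvertTo-AllowRuleCommand -LogLine $sample -IncludeRemoteAddress
# On a real host: ConvertTo-AllowRuleCommand -LogLine (Get-Content <path to the firewall log>)
```

Rules are keyed on the destination port only, because the source port of a connection is normally ephemeral; the two `SEND` entries to port 443 collapse into a single outbound rule.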
