9.2.4 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log' - %SystemRoot%\System32\logfiles\firewall\privatefw.log

Information

Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

The recommended state for this setting is: %SystemRoot%\System32\logfiles\firewall\privatefw.log.

Rationale:

If events are not recorded, it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Impact:

Windows Firewall will write its log to the specified file.

Solution

To establish the recommended configuration via GP, set the following UI path to %SystemRoot%\System32\logfiles\firewall\privatefw.log:

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Logging Customize\Name

Default Value:

%SystemRoot%\System32\logfiles\firewall\pfirewall.log
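One way to audit this setting from PowerShell, as an added example that is not part of the benchmark or the plugin: it reads the effective Private profile log path with `Get-NetFirewallProfile` and classifies it against the recommended and default values stated above. The function name `Test-PrivateFirewallLogName`, the helper `Resolve-EnvPath`, the status labels and the sample inputs are assumptions made for illustration.

```powershell
# Added example (not CIS or Tenable code): classify the Private-profile log path.
function Test-PrivateFirewallLogName {
    [CmdletBinding()]
    param(
        # Defaults to the effective policy (GPO merged with local settings).
        # Pass a string explicitly to evaluate a value collected elsewhere.
        [string]$Configured = (Get-NetFirewallProfile -Name Private -PolicyStore ActiveStore).LogFileName
    )

    # Values taken from the benchmark text above.
    $recommended = '%SystemRoot%\System32\logfiles\firewall\privatefw.log'
    $default     = '%SystemRoot%\System32\logfiles\firewall\pfirewall.log'

    # Hypothetical helper: expand %SystemRoot% so literal and expanded forms compare equal.
    function Resolve-EnvPath([string]$Path) {
        [Environment]::ExpandEnvironmentVariables($Path).Trim()
    }

    if ([string]::IsNullOrWhiteSpace($Configured)) {
        $expanded = $null
        $status   = 'NotConfigured'
    }
    else {
        $expanded = Resolve-EnvPath $Configured
        # Windows paths are case-insensitive, so compare with -ieq.
        if     ($expanded -ieq (Resolve-EnvPath $recommended)) { $status = 'Compliant' }
        elseif ($expanded -ieq (Resolve-EnvPath $default))     { $status = 'DefaultValue' }
        else                                                   { $status = 'NonCompliant' }
    }

    [pscustomobject]@{
        Configured = $Configured
        Expanded   = $expanded
        Status     = $status
    }
}

# Constructed sample values, evaluated without touching the live firewall configuration:
Test-PrivateFirewallLogName -Configured '%systemroot%\system32\LogFiles\Firewall\privatefw.log'
Test-PrivateFirewallLogName -Configured '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'
Test-PrivateFirewallLogName -Configured 'D:\logs\fw.log'

# Live check on the local machine:
# Test-PrivateFirewallLogName
```

A `DefaultValue` result means logging still points at the shared `pfirewall.log`, so Private profile events are not separated into their own file as the recommendation intends.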

See Also

https://workbench.cisecurity.org/files/4286

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4, CSCv7|11.2

Plugin: Windows

Control ID: 5d0aabe980e8e6ab9847c98e9c9c86482d7355318f97759009669c7bda9bfddf