9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'

Information

Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.
The recommended state for this setting is: No.
Note: When the Apply local firewall rules setting is configured to No, it's recommended to also configure the Display a notification setting to No. Otherwise, users will continue to receive messages that ask if they want to unblock a restricted inbound connection, but the user's response will be ignored.

Rationale:
Firewall notifications can be complex and may confuse the end users, who would not be able to address the alert.

Solution

To establish the recommended configuration via GP, set the following UI path to No:
Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Settings Customize\Display a notification

Impact:
Windows Firewall will not display a notification when a program is blocked from receiving inbound connections.

Default Value:
Yes. (Windows Firewall with Advanced Security will display a notification when a program is blocked from receiving inbound connections.)

References:
1. CCE-33062-1

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

References: 800-53|CA-3, 800-53|CA-9, 800-53|CM-3, CSCv7|11.2, CSCv7|11.3

Plugin: Windows

Control ID: 0e027b1b4199969835392d95f79050cdf73a8efb3329bdd56fda88b1701deed1