9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'

Information

Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

The recommended state for this setting is: %SystemRoot%\System32\logfiles\firewall\privatefw.log

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Solution

To establish the recommended configuration via GP, set the following UI path to %SystemRoot%\System32\logfiles\firewall\privatefw.log :

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Logging Customize\Name

Impact:

The log file will be stored in the specified file.

See Also

https://workbench.cisecurity.org/benchmarks/14289

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4, CSCv7|11.2

Plugin: Windows

Control ID: 6be9bde926cffd3bf75518cb86f04a78931a0ad9ad4693e6eb4f447cfaf964c7