9.2.5 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log' - %SYSTEMROOT%\System32\logfiles\firewall\privatefw.log
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. The recommended state for this setting is: %SystemRoot%\System32\logfiles\firewall\privatefw.log. Rationale: If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users. Impact: The log file will be stored in the specified file.
Solution
To establish the recommended configuration via GP, set the following UI path to %SystemRoot%\System32\logfiles\firewall\privatefw.log: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Logging Customize\Name Default Value: %SystemRoot%\System32\logfiles\firewall\pfirewall.log