Windows Defender Firewall: Allow logging - LogDroppedPackets

Information

Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives.
If you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does not provide an option to log successful incoming messages.
If you are configuring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log.
If you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact.
If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.

Solution

Policy Path: Network\Network Connections\Windows Defender Firewall\Domain Profile
Policy Setting Name: Windows Defender Firewall: Allow logging

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Windows

Control ID: 3e8912c8c2493d91fb6e3079aa10b494de4c25c0502a1be4bcaa8c11552f30f7