Object Access: Audit Filtering Platform ConnectionID: oval:org.secpod.oval:def:14787 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included:
The Windows Firewall Service blocks an application from accepting incoming connections on the network.
The WFP allows a connection.
The WFP blocks a connection.
The WFP permits a bind to a local port.
The WFP blocks a bind to a local port.
The WFP allows a connection.
The WFP blocks a connection.
The WFP permits an application or service to listen on a port for incoming connections.
The WFP blocks an application or service to listen on a port for incoming connections.
If you configure this policy setting, an audit event is generated when connections are allowed or blocked by the WFP. Success audits record events generated when connections are allowed and Failure audits record events generated when connections are blocked.
If you do not configure this policy setting, no audit event is generated when connected are allowed or blocked by the WFP.
Volume: High.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Connection
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |