I'm a bit uncomfortable with how Windows 10 is displaying its Firewall status. I'm trying to audit my Windows 10 and Server 2016 devices to get the following information:
- Is the Windows Firewall enabled? [NOT WORKING]
- Are all 3 profiles enabled? [WORKING]
- Is there a third party Firewall enabled? [WORKING]
From this screen it looks as though everything is enabled and healthy:
Healthy FW profiles
Yet when I go up one level this is the message I see (clicking 'Turn on' does nothing):
WF disabled due to BitDefender
If I check the registry keys here for the three profiles I can see that they're all enabled: "HKLM:\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy"
yet they're not actually 'enabled' because the Windows Firewall is disabled.
This little snippet detects third-party firewalls on the device:
$firewalls= @(Get-WmiObject -Namespace $securityCenterNS -class FirewallProduct -ErrorAction Stop)
if($firewalls.Count -eq 0){
Write-Output "No third party firewall installed."
}else{
$firewalls | Foreach-Object {
[int]$productState=$_.ProductState
$hexString=[System.Convert]::toString($productState,16).padleft(6,'0')
$provider=$hexString.substring(0,2)
$realTimeProtec=$hexString.substring(2,2)
$definition=$hexString.substring(4,2)
"Product Name : {0}." -f $_.displayName
"Service Type : {0}." -f $SecurityProvider[[String]$provider]
"State : {0}.`n`n" -f $RealTimeBehavior[[String]$realTimeProtec]
}
}
<# OUTPUT:
Product Name : Bitdefender Firewall
Service Type : AntiVirus
State : ON
#>
Question:
How can I tell if a Windows Firewall (not just its profiles) is truly enabled or disabled? Is there a particular value I need to find in the registry? Is there a commandlet below that would quickly tell me whether the FW is actually on or not?
Best Answer
The Windows Firewall is installed onto the OS as a service. To know if it's enabled or disabled globally then you'd need to confirm whether or not its status is "running" or "stopped".
PowerShell
Furthermore, as per Windows Firewall Profiles it is stated that. . .
So this means that Windows Firewall can be disabled or enabled at these three profile levels as well and thus to confirm if it's enabled or disabled here, you'll need to check the status of these profiles.
Powershell
Further Resources