Windows Firewall Audit Tool: Sample output

Generated by SekChek V1.5.2, 10-Feb-2013 11:56:02 (audit time: 4 seconds)

Overview	Active Firewall Rules	Inbound Rules	Outbound Rules	Help

Overview
Domain Profile
Profile Active	Yes
Firewall State	Windows Firewall is On (recommended)
Inbound Connections	Inbound connections that do not match a rule are blocked (default)
Outbound Connections	Outbound connections that do not match a rule are allowed (default)
Display Notifications	Yes (default) [when a program is blocked from receiving inbound connections]
Allow Unicast Response	Yes (default) [to multicast or broadcast network traffic]
Private Profile
Profile Active	No
Firewall State	Windows Firewall is Off
Inbound Connections	Inbound connections that do not match a rule are blocked (default)
Outbound Connections	Outbound connections that do not match a rule are allowed (default)
Display Notifications	No [when a program is blocked from receiving inbound connections]
Allow Unicast Response	No [to multicast or broadcast network traffic]
Public Profile
Profile Active	No
Firewall State	Windows Firewall is On (recommended)
Inbound Connections	All inbound connections are blocked
Outbound Connections	Outbound connections that do not match a rule are allowed (default)
Display Notifications	Yes (default) [when a program is blocked from receiving inbound connections]
Allow Unicast Response	Yes (default) [to multicast or broadcast network traffic]

Active Firewall Rules: 39 [Top]
Name	Core Networking - Destination Unreachable (ICMPv6-In)
Description	Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion.
Rule Direction	Inbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	Yes
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	ICMPv6 (types and codes: 1:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)
Description	Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the don't fragment bit was set.
Rule Direction	Inbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	ICMPv4 (types and codes: 3:4)
Local Port	Any
Remote Port	Any
Name	Core Networking - DNS (UDP-Out)
Description	Outbound rule to allow DNS requests. DNS responses based on requests that matched this rule will be permitted regardless of source address. This behavior is classified as loose source mapping. [LSM] [UDP 53]
Rule Direction	Outbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	dnscache
Local IP Address	Any
Remote IP Address	Any
Protocol	UDP
Local Port	Any
Remote Port	53
Name	Core Networking - Dynamic Host Configuration Protocol (DHCP-In)
Description	Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Rule Direction	Inbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	dhcp
Local IP Address	Any
Remote IP Address	Any
Protocol	UDP
Local Port	68
Remote Port	67
Name	Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)
Description	Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Rule Direction	Outbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	dhcp
Local IP Address	Any
Remote IP Address	Any
Protocol	UDP
Local Port	68
Remote Port	67
Name	Core Networking - Group Policy (LSASS-Out)
Description	Outbound rule to allow remote LSASS traffic for Group Policy updates [TCP].
Rule Direction	Outbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\lsass.exe
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	TCP
Local Port	Any
Remote Port	Any
Name	Core Networking - Group Policy (NP-Out)
Description	Core Networking - Group Policy (NP-Out)
Rule Direction	Outbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	TCP
Local Port	Any
Remote Port	445
Name	Core Networking - Group Policy (TCP-Out)
Description	Outbound rule to allow remote RPC traffic for Group Policy updates. [TCP]
Rule Direction	Outbound
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	TCP
Local Port	Any
Remote Port	Any
==Truncated==	Sample only....

Inbound Rules: 32 (Filter: Enabled rules only) [Top]
Name	Core Networking - Destination Unreachable (ICMPv6-In)
Description	Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	Yes
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	ICMPv6 (types and codes: 1:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)
Description	Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the don't fragment bit was set.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	ICMPv4 (types and codes: 3:4)
Local Port	Any
Remote Port	Any
Name	Core Networking - Dynamic Host Configuration Protocol (DHCP-In)
Description	Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	dhcp
Local IP Address	Any
Remote IP Address	Any
Protocol	UDP
Local Port	68
Remote Port	67
Name	Core Networking - Internet Group Management Protocol (IGMP-In)
Description	IGMP messages are sent and received by nodes to create, join and depart multicast groups.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	IGMP
Local Port	Any
Remote Port	Any
Name	Core Networking - IPv6 (IPv6-In)
Description	Inbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	IPv6
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Done (ICMPv6-In)
Description	Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 132:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Query (ICMPv6-In)
Description	An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 130:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Report (ICMPv6-In)
Description	The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 131:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Report v2 (ICMPv6-In)
Description	Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 143:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)
Description	Neighbor Discovery Advertisement messages are sent by nodes to notify other nodes of link-layer address changes or in response to a Neighbor Discovery Solicitation request.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	Yes
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	ICMPv6 (types and codes: 136:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)
Description	Neighbor Discovery Solicitations are sent by nodes to discover the link-layer address of another on-link IPv6 node.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	Yes
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	ICMPv6 (types and codes: 135:*)
Local Port	Any
Remote Port	Any
==Truncated==	Sample only....

Outbound Rules: 33 (Filter: Enabled rules only) [Top]
Name	Core Networking - DNS (UDP-Out)
Description	Outbound rule to allow DNS requests. DNS responses based on requests that matched this rule will be permitted regardless of source address. This behavior is classified as loose source mapping. [LSM] [UDP 53]
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	dnscache
Local IP Address	Any
Remote IP Address	Any
Protocol	UDP
Local Port	Any
Remote Port	53
Name	Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)
Description	Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	dhcp
Local IP Address	Any
Remote IP Address	Any
Protocol	UDP
Local Port	68
Remote Port	67
Name	Core Networking - Group Policy (LSASS-Out)
Description	Outbound rule to allow remote LSASS traffic for Group Policy updates [TCP].
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\lsass.exe
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	TCP
Local Port	Any
Remote Port	Any
Name	Core Networking - Group Policy (NP-Out)
Description	Core Networking - Group Policy (NP-Out)
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	TCP
Local Port	Any
Remote Port	445
Name	Core Networking - Group Policy (TCP-Out)
Description	Outbound rule to allow remote RPC traffic for Group Policy updates. [TCP]
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain
Interface Types	All
Edge Traversal	No
Programs	C:\Windows\system32\svchost.exe
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	TCP
Local Port	Any
Remote Port	Any
Name	Core Networking - Internet Group Management Protocol (IGMP-Out)
Description	IGMP messages are sent and received by nodes to create, join and depart multicast groups.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	IGMP
Local Port	Any
Remote Port	Any
Name	Core Networking - IPv6 (IPv6-Out)
Description	Outbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	System
Services	Any
Local IP Address	Any
Remote IP Address	Any
Protocol	IPv6
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Done (ICMPv6-Out)
Description	Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	Any
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 132:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Query (ICMPv6-Out)
Description	An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	Any
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 130:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Report (ICMPv6-Out)
Description	The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	Any
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 131:*)
Local Port	Any
Remote Port	Any
Name	Core Networking - Multicast Listener Report v2 (ICMPv6-Out)
Description	Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled	Yes
Action	Allow
Group	Core Networking
Profiles	Domain, Private, Public
Interface Types	All
Edge Traversal	No
Programs	Any
Services	Any
Local IP Address	Any
Remote IP Address	LocalSubnet
Protocol	ICMPv6 (types and codes: 143:*)
Local Port	Any
Remote Port	Any
==Truncated==	Sample only....

Other free security and audit tools from SekChek... [Top] » Tools Library \| PC Auditor \| Windows Firewall Auditor \| List Missing Windows Updates \| List Installed Products \| Search Event Log \| Query Active Directory \| Query Access Permissions \| Sid Resolver \| Find Orphaned Sids \| List Open Files \| Ping

Copyright© 2008-2013, SekChek IPS. All rights reserved. SekChek® is a registered trademark of SekChek IPS. All other trademarks are the property of their respective owners. www.sekchek.com
About SekChek IPS SekChek® IPS is a leading provider of computer security review, auditing and benchmarking tools and has served many of the world’s largest companies and public institutions in 130 countries since 1996. SekChek’s clients include security and audit professionals in IT departments, audit firms, internal audit functions, regulatory compliance and corporate governance departments. SekChek’s benchmarking features compare security policies and controls against a unique statistics database containing more than 30 million anonymous and real-life security measurements compiled from 70,000 computer systems across all major industry sectors.