Windows Firewall Audit Tool: Sample output

Generated by SekChek V1.5.2, 10-Feb-2013 11:56:02 (audit time: 4 seconds)
 
Overview

Domain Profile
Profile Active: Yes
Firewall State: Windows Firewall is On (recommended)
Inbound Connections: Inbound connections that do not match a rule are blocked (default)
Outbound Connections: Outbound connections that do not match a rule are allowed (default)
Display Notifications: Yes (default) [when a program is blocked from receiving inbound connections]
Allow Unicast Response: Yes (default) [to multicast or broadcast network traffic]

Private Profile
Profile Active: No
Firewall State: Windows Firewall is Off
Inbound Connections: Inbound connections that do not match a rule are blocked (default)
Outbound Connections: Outbound connections that do not match a rule are allowed (default)
Display Notifications: No [when a program is blocked from receiving inbound connections]
Allow Unicast Response: No [to multicast or broadcast network traffic]

Public Profile
Profile Active: No
Firewall State: Windows Firewall is On (recommended)
Inbound Connections: All inbound connections are blocked
Outbound Connections: Outbound connections that do not match a rule are allowed (default)
Display Notifications: Yes (default) [when a program is blocked from receiving inbound connections]
Allow Unicast Response: Yes (default) [to multicast or broadcast network traffic]

Active Firewall Rules: 39

Name: Core Networking - Destination Unreachable (ICMPv6-In)
Description: Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion.
Rule Direction: Inbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: Yes
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: ICMPv6 (types and codes: 1:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)
Description: Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the don't fragment bit was set.
Rule Direction: Inbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: ICMPv4 (types and codes: 3:4)
Local Port: Any
Remote Port: Any

Name: Core Networking - DNS (UDP-Out)
Description: Outbound rule to allow DNS requests. DNS responses based on requests that matched this rule will be permitted regardless of source address. This behavior is classified as loose source mapping. [LSM] [UDP 53]
Rule Direction: Outbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: dnscache
Local IP Address: Any
Remote IP Address: Any
Protocol: UDP
Local Port: Any
Remote Port: 53

Name: Core Networking - Dynamic Host Configuration Protocol (DHCP-In)
Description: Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Rule Direction: Inbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: dhcp
Local IP Address: Any
Remote IP Address: Any
Protocol: UDP
Local Port: 68
Remote Port: 67

Name: Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)
Description: Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Rule Direction: Outbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: dhcp
Local IP Address: Any
Remote IP Address: Any
Protocol: UDP
Local Port: 68
Remote Port: 67

Name: Core Networking - Group Policy (LSASS-Out)
Description: Outbound rule to allow remote LSASS traffic for Group Policy updates [TCP].
Rule Direction: Outbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\lsass.exe
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: TCP
Local Port: Any
Remote Port: Any

Name: Core Networking - Group Policy (NP-Out)
Description: Core Networking - Group Policy (NP-Out)
Rule Direction: Outbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: TCP
Local Port: Any
Remote Port: 445

Name: Core Networking - Group Policy (TCP-Out)
Description: Outbound rule to allow remote RPC traffic for Group Policy updates. [TCP]
Rule Direction: Outbound
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: TCP
Local Port: Any
Remote Port: Any

==Truncated==Sample only....

Inbound Rules: 32 (Filter: Enabled rules only)

Name: Core Networking - Destination Unreachable (ICMPv6-In)
Description: Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: Yes
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: ICMPv6 (types and codes: 1:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)
Description: Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the don't fragment bit was set.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: ICMPv4 (types and codes: 3:4)
Local Port: Any
Remote Port: Any

Name: Core Networking - Dynamic Host Configuration Protocol (DHCP-In)
Description: Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: dhcp
Local IP Address: Any
Remote IP Address: Any
Protocol: UDP
Local Port: 68
Remote Port: 67

Name: Core Networking - Internet Group Management Protocol (IGMP-In)
Description: IGMP messages are sent and received by nodes to create, join and depart multicast groups.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: IGMP
Local Port: Any
Remote Port: Any

Name: Core Networking - IPv6 (IPv6-In)
Description: Inbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: IPv6
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Done (ICMPv6-In)
Description: Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 132:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Query (ICMPv6-In)
Description: An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 130:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Report (ICMPv6-In)
Description: The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 131:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Report v2 (ICMPv6-In)
Description: Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 143:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)
Description: Neighbor Discovery Advertisement messages are sent by nodes to notify other nodes of link-layer address changes or in response to a Neighbor Discovery Solicitation request.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: Yes
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: ICMPv6 (types and codes: 136:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)
Description: Neighbor Discovery Solicitations are sent by nodes to discover the link-layer address of another on-link IPv6 node.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: Yes
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: ICMPv6 (types and codes: 135:*)
Local Port: Any
Remote Port: Any

==Truncated==Sample only....

Outbound Rules: 33 (Filter: Enabled rules only)

Name: Core Networking - DNS (UDP-Out)
Description: Outbound rule to allow DNS requests. DNS responses based on requests that matched this rule will be permitted regardless of source address. This behavior is classified as loose source mapping. [LSM] [UDP 53]
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: dnscache
Local IP Address: Any
Remote IP Address: Any
Protocol: UDP
Local Port: Any
Remote Port: 53

Name: Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)
Description: Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: dhcp
Local IP Address: Any
Remote IP Address: Any
Protocol: UDP
Local Port: 68
Remote Port: 67

Name: Core Networking - Group Policy (LSASS-Out)
Description: Outbound rule to allow remote LSASS traffic for Group Policy updates [TCP].
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\lsass.exe
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: TCP
Local Port: Any
Remote Port: Any

Name: Core Networking - Group Policy (NP-Out)
Description: Core Networking - Group Policy (NP-Out)
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: TCP
Local Port: Any
Remote Port: 445

Name: Core Networking - Group Policy (TCP-Out)
Description: Outbound rule to allow remote RPC traffic for Group Policy updates. [TCP]
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain
Interface Types: All
Edge Traversal: No
Programs: C:\Windows\system32\svchost.exe
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: TCP
Local Port: Any
Remote Port: Any

Name: Core Networking - Internet Group Management Protocol (IGMP-Out)
Description: IGMP messages are sent and received by nodes to create, join and depart multicast groups.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: IGMP
Local Port: Any
Remote Port: Any

Name: Core Networking - IPv6 (IPv6-Out)
Description: Outbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: System
Services: Any
Local IP Address: Any
Remote IP Address: Any
Protocol: IPv6
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Done (ICMPv6-Out)
Description: Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: Any
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 132:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Query (ICMPv6-Out)
Description: An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: Any
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 130:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Report (ICMPv6-Out)
Description: The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: Any
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 131:*)
Local Port: Any
Remote Port: Any

Name: Core Networking - Multicast Listener Report v2 (ICMPv6-Out)
Description: Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
Enabled: Yes
Action: Allow
Group: Core Networking
Profiles: Domain, Private, Public
Interface Types: All
Edge Traversal: No
Programs: Any
Services: Any
Local IP Address: Any
Remote IP Address: LocalSubnet
Protocol: ICMPv6 (types and codes: 143:*)
Local Port: Any
Remote Port: Any

==Truncated==Sample only....

Copyright© 2008-2013, SekChek IPS. All rights reserved.
SekChek® is a registered trademark of SekChek IPS. All other trademarks are the property of their respective owners.
www.sekchek.com

About SekChek IPS
SekChek® IPS is a leading provider of computer security review, auditing and benchmarking tools and has served many of the world’s largest companies and public institutions in 130 countries since 1996. SekChek’s clients include security and audit professionals in IT departments, audit firms, internal audit functions, regulatory compliance and corporate governance departments. SekChek’s benchmarking features compare security policies and controls against a unique statistics database containing more than 30 million anonymous and real-life security measurements compiled from 70,000 computer systems across all major industry sectors.