
Any way to use KACE reporting to report firewall status of Windows Defender for devices?

I am hoping someone knows of a way to utilize KACE and reporting to be able to see what the status of my domain PCs firewall status is via Windows Defender... any ideas?


2 Comments
  • I also needed to see the status of Windows Firewall on domain PCs (just whether it was enabled or disabled). So I created a custom inventory rule using the following:
    ShellCommandTextReturn(cmd.exe /c netsh advfirewall show allprofiles)

    I know you can do a lot more with the "netsh advfirewall" command, I just didn't really need to investigate any further. - cidneyd 4 years ago
  • I use a Custom Inventory Rule, and it works like a charm for my needs.

    ShellCommandTextReturn(powershell.exe -NoLogo -NonInteractive -NoProfile -Command "Get-NetFirewallProfile | Select Name, Enabled") - Jako 4 years ago

Answers (5)

Posted by: Nico_K 4 years ago
Red Belt
2

Review this page.
https://www.windowscentral.com/how-use-windows-defender-command-prompt-windows-10

Here you can find the usual commands, which you can use in a Custom Inventory Rule to report the status.


Posted by: Jako 4 years ago
White Belt
2

Top Answer

I use a Custom Inventory Rule, and it works like a charm for my needs.

ShellCommandTextReturn(powershell.exe -NoLogo -NonInteractive -NoProfile -Command "Get-NetFirewallProfile | Select Name, Enabled")


The result in the Inventory looks like this:



My Report shows all devices, but you can filter it to only show anything with a False for Domain, for example.



Posted by: Channeler 4 years ago
Red Belt
1

The KACE Appliance can report on registry status... These are called custom inventory rules.

You will need to tell the appliance what Key or Keys to look for and give it a name...

The problem is Microsoft constantly changes the registry and the firewall status is tied to a couple of registry keys...

See:

https://www.wintips.org/how-to-disable-defender-antivirus-firewall-in-windows-10/

Look at the amount of keys they mod to turn off the firewall, you will need a Custom Inventory rule to check the status of all of those keys...


Like if

Key A=1 and Key B=1 and Key C=1 then it will fall into the criteria of a Custom Inventory Rule named "Win Defender Firewall Enabled"

Custom Inventory Rules were very popular for customers who wanted to report on each version of Internet Explorer a couple of years ago, see:

https://www.itninja.com/blog/view/kace-custom-inventory-rules-101

There is also another possibility: if you could get the status of that firewall via PowerShell, you could simply use a Custom Inventory Rule with the ShellCommandTextReturn function, and that will gather the status into the inventory, without having to query the registry places.

Posted by: jct134 4 years ago
Senior Purple Belt
1

What I do,


I set up a custom rule with:

RegistryValueEquals(HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications,DisableNotifications,00000001)


Then I have a smart label that detects Windows 10 devices that DO NOT have this custom inventory item.


Then a script is set on a schedule to set this registry key on the smart label devices.


Works for us real well

Posted by: danflynn 1 year ago
Orange Belt
0

Might suggest this if you only care if any of the Firewalls are off or inbound policy is set not to block or add the "Enabled,DefaultInboundAction" to the example above

Yes you can have the firewall on but if you allow incoming connects by default do you really have a firewall?

ShellCommandTextReturn(powershell.exe -NoLogo -NonInteractive -NoProfile -Command "Get-NetFirewallProfile  | Where-Object {$_.enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block'} | Select Name, Enabled,DefaultInboundAction") 
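
Added example, not part of danflynn's answer or anyone else's post in this thread: the same Enabled / DefaultInboundAction check, evaluated against the effective policy. Without `-PolicyStore`, `Get-NetFirewallProfile` reads the local persistent store, where `DefaultInboundAction` can show `NotConfigured` even though the machine is blocking inbound traffic, so a `-ne 'Block'` filter can flag healthy devices. The function name, the OK/FAIL labels and the `FIREWALL_STATUS=` summary line are constructed for this example; how the script is delivered to the endpoint and called from a Custom Inventory Rule is left out.

```powershell
# Added example: report firewall compliance from the effective (ActiveStore) policy.
# ActiveStore is the merged result of local settings and Group Policy,
# i.e. what the machine is actually enforcing right now.

function Get-FirewallComplianceLine {
    # Hypothetical helper: turns one profile's settings into a one-line verdict.
    param(
        [string] $Name,
        [string] $Enabled,
        [string] $DefaultInboundAction
    )
    $problems = @()
    if ($Enabled -ne 'True')               { $problems += 'firewall off' }
    if ($DefaultInboundAction -ne 'Block') { $problems += "inbound=$DefaultInboundAction" }
    $state = if ($problems.Count -eq 0) { 'OK' } else { 'FAIL' }
    ('{0}: {1} {2}' -f $Name, $state, ($problems -join ', ')).TrimEnd()
}

try {
    $profiles = @(Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop)
    if ($profiles.Count -eq 0) {
        # No profiles returned: report UNKNOWN rather than a false "compliant".
        'FIREWALL_STATUS=UNKNOWN (no profiles returned)'
        return
    }

    # Enabled and DefaultInboundAction are enums; cast to string for comparison.
    $lines = @(foreach ($p in $profiles) {
        Get-FirewallComplianceLine -Name $p.Name `
            -Enabled ([string]$p.Enabled) `
            -DefaultInboundAction ([string]$p.DefaultInboundAction)
    })
    $lines

    # Summary line that a report filter can match on.
    if (@($lines | Where-Object { $_ -like '*: FAIL*' }).Count -gt 0) {
        'FIREWALL_STATUS=NONCOMPLIANT'
    } else {
        'FIREWALL_STATUS=COMPLIANT'
    }
} catch {
    # Cmdlet missing or query failed: surface it instead of returning nothing.
    "FIREWALL_STATUS=UNKNOWN ($($_.Exception.Message))"
}
```

The single summary line gives a report one fixed string to filter on, and the UNKNOWN branch keeps a failed query from looking like an empty (and therefore apparently clean) result.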
