Windows Defender Firewall with Advanced Security log size must be configured for domain connections.

An XCCDF Rule

Description

<VulnDiscussion>A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a domain connection will be set to ensure enough capacity is allocated for audit data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-241994r922938_rule
Severity: Low
References: CCI-000140
Updated: 9 months ago

The preferred method of configuring the firewall settings is with a policy, particularly in a domain environment.

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Microsoft Defender Firewall with Advanced Security >> Microsoft Defender Firewall with Advanced Security >> Microsoft Defender Firewall Properties (this link will be in the right pane) >> Domain Profile tab >> Logging (select Customize), "Size limit (KB):" to "16,384" or greater.

In addition to using policies, systems may also be configured using the firewall GUI or Netsh commands. These methods may be more appropriate for standalone systems.
The configuration settings in the GUI are the same as those specified in the policy above. Microsoft Defender Firewall Properties will be a link in the center pane after opening Microsoft Defender Firewall with Advanced Security.

The following Netsh command may also be used to configure this setting:

"Netsh advfirewall set domainprofile logging maxfilesize 16384" or greater.

Windows Defender Firewall with Advanced Security log size must be configured for domain connections.

Description

Remediation - Manual Procedure