Windows Firewall

Microsoft.FEP.ProtectedServer.FWStatus.Monitor (UnitMonitor)

This monitor detects the Windows Firewall state.

Knowledge Base article:

Summary

When turned on, this monitor generates an alert if Windows Firewall is detected as turned off on a client computer.

Configuration

This monitor is turned off by default, but can be turned on if required.

Resolutions

You can turn on Windows Firewall by using a built-in task in Operations Manager, changing the deployed policy, or changing the local configuration on the client computer.

Element properties:

Target: Microsoft.FEP.ProtectedServer
Parent Monitor: Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor
Category: Custom
Enabled: False
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.FEP.SecurityVulnerability.FirewallMonitorType
Remotable: True
Accessibility: Public
Alert Message:
  Windows Firewall Turned Off
  Forefront Endpoint Protection client detected that Windows Firewall on '{0}' was turned off.
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.FEP.ProtectedServer.FWStatus.Monitor" Accessibility="Public" Enabled="false" Target="FEPLibrary!Microsoft.FEP.ProtectedServer" ParentMonitorID="Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="FEPLibrary!Microsoft.FEP.SecurityVulnerability.FirewallMonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.FEP.ProtectedServer.FWStatus.Monitor.Alert">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Target/Property[Type="System!System.Entity"]/DisplayName$</AlertParameter1>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="RunningID" MonitorTypeStateID="On" HealthState="Success"/>
    <OperationalState ID="NotRunningID" MonitorTypeStateID="Off" HealthState="Warning"/>
  </OperationalStates>
  <Configuration>
    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
    <DelayTime>20</DelayTime>
  </Configuration>
</UnitMonitor>