Audit Policy: Object Access: Filtering Platform Connection (Failure)ID: oval:org.secpod.oval:def:18884 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Object Access: Filtering Platform Connection events on failure should be enabled or disabled as appropriate.
Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platform. Windows Filtering Platform (WFP) was introduced in Windows Server 2008 and Windows Vista to enable independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs). This security policy enables you to audit the following types of actions: * The Windows Firewall service blocks an application from accepting incoming connections on the network. * The Windows Filtering Platform allows or blocks a connection. * The Windows Filtering Platform permits or blocks a bind to a local port. * The Windows Filtering Platform permits or blocks an application or service from listening for incoming connections on a port.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |