I've added a rule to Windows Firewall to block outgoing connections from a certain program, but want to be able to check how often it's trying to connect and subsequently being blocked to make sure my rule is working.
If it were a browser or similar I could just open it up and see that it has no connection, but it's something that connects in the background and doesn't give an error if it can't connect.
I've had a look in Event Viewer but can't see anything that actually logs when a rule has been applied?
[url=https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/]First Google hit[/url]
I did google it, honest guv.
Following the instructions in that post just gives me an empty log file, nothing showing as allowed or blocked? 😕
In the properties bit there's three tabs for the settings for domain/private/public profile. Make sure you're doing the settings for the right one (or all of them).
It'll probably be "private" assuming you set the network to "Home" when you initially connected to it. It'll show "connected" in the Firewall Properties page.
Yep, fixed, I took out the environment variable part of the log path and directed it straight to c:\, seems to work now.
Can't see that the prog is trying to connect and I made a dummy rule to block chrome to see how it looked when that got blocked to make sure I wasn't missing something.
Hopefully it's just not talking at the moment then!
It'd be a lot handier if the log actually told you which program it was that was trying to connect, I'm just trying to figure it out by looking up the IPs...
Actually, it's certainly dropping two connections, looks like a third gets through but it's showing as a connection to 192.169.1.1 which is the main router. The two dropped ones are out in the wild.
Assume that the connection to the router isn't going to be anything going external?
But then there's loads of those ones going on all the time so may just be a coincidence that it always appears between the two blocked ones...
192.169.1.1 which is the main router.
192.16[b]8[/b].1.1 you mean?
it might be helpful if we knew what this app was?
Sorry yes, typo.
It's a bespoke program from work that was written quite a while ago.
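
As an added example (not code from this thread or the linked article): a short Python parser for the Windows Firewall log that tallies outbound entries per destination and marks each destination as LAN or external, automating the by-hand IP lookup described above. The log lines are constructed sample data using documentation address ranges, and the function names are illustrative. The log has no program-name column, so destination and port are what there is to group on.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges; anything else is treated as external.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:00:01 DROP TCP 192.168.1.50 203.0.113.10 50112 443 0 - 0 0 0 - - - SEND
2024-01-15 10:00:01 ALLOW UDP 192.168.1.50 192.168.1.1 50113 53 0 - - - - - - - SEND
2024-01-15 10:00:02 DROP TCP 192.168.1.50 198.51.100.7 50114 443 0 - 0 0 0 - - - SEND
2024-01-15 10:05:01 DROP TCP 192.168.1.50 203.0.113.10 50120 443 0 - 0 0 0 - - - SEND
2024-01-15 10:05:03 DROP UDP 192.168.1.77 192.168.1.50 5353 5353 0 - - - - - - - RECEIVE
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def is_lan(addr):
    """True if addr is inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def outbound_summary(text):
    """Count outbound (path == SEND) entries per (action, dst-ip, dst-port, scope)."""
    counts = Counter()
    for entry in parse(text):
        if entry.get("path") != "SEND":
            continue  # inbound traffic is not relevant to an outbound block rule
        scope = "lan" if is_lan(entry["dst-ip"]) else "external"
        counts[(entry["action"], entry["dst-ip"], entry["dst-port"], scope)] += 1
    return counts

if __name__ == "__main__":
    # For a real log, read the file configured in the firewall's logging settings.
    for key, n in outbound_summary(SAMPLE_LOG).most_common():
        print(n, *key)
```

Repeated DROP rows to the same external destination and port at regular intervals are the pattern a blocked background program retrying its connection would leave.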