search

falahati / WindowsFirewallHelper

A class library to manage the Windows Firewall as well as adding your program to the Windows Firewall Exception list.
MIT License
276 stars 72 forks source link

Global firewall status? #20

Closed jaisato closed 5 years ago

jaisato commented 5 years ago

Hi,

I can check if firewall profiles are enabled. I would like to check if firewall is enabled too. Is that possible? How can I check it?

Thanks in advance!

falahati commented 5 years ago

What do you mean if the firewall is disabled? Windows firewall is considered as disabled if it is disabled for all and every profile.

Not sure what will be the result if there is a third party firewall installed or if the "mpssvc" (Windows Defender Firewall) service is stopped or disabled. You might want to try that and see what are the outputs.

jaisato commented 5 years ago

Ok, thanks for your support. I'll check the outputs for such conditions.

falahati commented 5 years ago

Version 2 (currently alpha) of this library now allows you to check to see if windows firewall service is running and also retrieve information about the third party firewall software installed and what type of rules they are registered to manage.

OmiCron07 commented 5 years ago

Version 2 (currently alpha) of this library now allows you to check to see if windows firewall service is running and also retrieve information about the third party firewall software installed and what type of rules they are registered to manage.

I'm trying with V1 and V2 to check if the firewall is activated, but I don't get good results. Check this screenshot :

image

As my screenshot, I have everything disabled, but with the API, this is what I get :

image

How can I check if the firewall is enabled or disabled?

falahati commented 5 years ago

Enable indicates if the firewall is enabled and filtering traffic IsActive indicates if the firewall profile is active; not necessarily filtering traffic tho. This means there is at least one connection using this profile.

Therefore in your example, for both Public and Private profiles, the state is correctly reported as disabled. However, this is not the case for the Domain profile in your example even tho you had manually disabled that as well.

The reason why Domin firewall is still enabled and active is (as correctly pointed out by the message on the top of the page) due to a Group Policy Object; either local, from Active Directory or from Organizational Units.