This article provides useful information regarding the function of 'Check Microsoft Firewall Status' audit.
This audit checks the existence and value of the following registry keys on the event source:
These keys are being created and set to the value 1 when the following policies of the Group Policy Object are applied to a computer:
- Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall
- For both subkeys (domain and standard policy): Windows Firewall: Protect all network connections.
If GFI EventsManager successfully finds these keys being set to 1, the audit will consider the firewall as being enabled.