Firewall Log Folder & Logs missing on some servers

StephanG 766 Reputation points
2023-08-28T06:05:23.4066667+00:00

Hi everyone,

i recently noticed that on some servers the Firewall Log Folder is missing.

Typically on those i accessed them (and needed to elevate to access them).

I then recreate the Log Folder and add mpsvc as the Owner - then logging continues. But this cannot be normal behaviour.

I have Defender for Endpoint installed but i did not find the possibility to hunt for it.

Anyone else have these problems or can give me a hint how to find out which process is doing this?

BR

Stephan

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
10,613 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 42,296 Reputation points
    2023-08-28T10:19:13.4433333+00:00

    Hello there,

    Please take note that no logging occurs until you set one of the following two options:

    To create a log entry when Windows Defender Firewall drops an incoming network packet, change the Log dropped packets to Yes.

    To create a log entry when Windows Defender Firewall allows an inbound connection, change Log successful connections to Yes.

    Configure the Windows Defender Firewall with Advanced Security Log https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log

    Similar discussion here https://answers.microsoft.com/en-us/windows/forum/all/system32logfilesfirewallpfirewalllog-does-not/f6acdd0c-e516-413c-a8d7-08449efb985e

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments

  2. StephanG 766 Reputation points
    2023-08-28T11:55:37.2066667+00:00

    I have set this options...

    This is why it creates one directly after creating the folder and assigning the right to the MPSSVC

    0 comments No comments