Firewall Log Folder & Logs missing on some servers

Question

Hi everyone,

i recently noticed that on some servers the Firewall Log Folder is missing.

Typically on those i accessed them (and needed to elevate to access them).

I then recreate the Log Folder and add mpsvc as the Owner - then logging continues. But this cannot be normal behaviour.

I have Defender for Endpoint installed but i did not find the possibility to hunt for it.

Anyone else have these problems or can give me a hint how to find out which process is doing this?

BR

Stephan

Answer 1

Hello there,

Please take note that no logging occurs until you set one of the following two options:

To create a log entry when Windows Defender Firewall drops an incoming network packet, change the Log dropped packets to Yes.

To create a log entry when Windows Defender Firewall allows an inbound connection, change Log successful connections to Yes.

Configure the Windows Defender Firewall with Advanced Security Log https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log

Similar discussion here https://answers.microsoft.com/en-us/windows/forum/all/system32logfilesfirewallpfirewalllog-does-not/f6acdd0c-e516-413c-a8d7-08449efb985e

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer–

Answer 2

I have set this options...

This is why it creates one directly after creating the folder and assigning the right to the MPSSVC