
Firewall Logging - Outbound Program Names?

Anonymous
2010-03-24T21:24:58+00:00

How can I add to the advanced firewall logs the specific names of outbound programs each time they are blocked?

I've set the built-in firewall (advanced) so outbound connections that do not match a rule are blocked, and I'm adding per-program outbound rules as needed. That works perfectly, but I also want to log the name of each program that FAILS to get an outbound connection, to help me decide what rules to add. I enabled logging for both dropped packets and successful connections in all three profiles temporarily, and in Event Viewer I enabled the verbose log for the firewall. My own firewall rule change events and pfirewall.log file are being populated, but neither shows the names of individual blocked outgoing applications.

What might I have missed?

This question was migrated from the Microsoft Support Community.

Answer accepted by question author

Anonymous
2010-06-27T21:10:23+00:00

Based on every reference posted, for outgoing connections the firewall can log only the IP address and port, not the name and path of the program requesting the connection, and that's that.


8 additional answers

  1. Anonymous
    2010-06-27T09:08:14+00:00

    Hi,

    Wonder if it's possible that you don't understand the topic... the question added by the 2nd OP I answered was about Outbound Logging.

    Have a nice day.


    Rob Brown - MS MVP - Windows Desktop Experience : Bicycle - Mark Twain said it right.

    It looks like the correct answer is short: Windows 7 Firewall can't log outbound connections (Home Premium version at least). Instead of that we've got tons of useless links wasting our time.

  2. Anonymous
    2010-06-11T15:03:49+00:00

    How can I add to the advanced firewall logs the specific names of outbound programs each time they are blocked?

    I've set the built-in firewall (advanced) so outbound connections that do not match a rule are blocked, and I'm adding per-program outbound rules as needed. That works perfectly, but I also want to log the name of each program that FAILS to get an outbound connection, to help me decide what rules to add. I enabled logging for both dropped packets and successful connections in all three profiles temporarily, and in Event Viewer I enabled the verbose log for the firewall. My own firewall rule change events and pfirewall.log file are being populated, but neither shows the names of individual blocked outgoing applications.

    What might I have missed? 

    Same question here. I can get the firewall to block outbound connections, and I know how to put exceptions in. But, how do I know what to 'un-block'? You can't necessarily unblock a single EXE file and have everything work. For example, I cannot get my virus scanner (McAfee) to update. I've unblocked what I think is the update application but apparently there's more than one application in play. Does the Windows 7 firewall log blocked outbound applications?

  3. Anonymous
    2010-03-25T11:58:59+00:00

    Thanks, but neither of those links helps me add the particular logging feature I need.

  4. Anonymous
    2010-03-24T21:36:43+00:00

    Hi,

    Check these:

    How to Add or Delete an Exception in Windows Firewall in Vista

    http://www.vistax64.com/tutorials/65334-windows-firewall.html

    How to Use Windows Firewall With Advanced Security in Vista

    http://www.vistax64.com/tutorials/92748-windows-firewall-advanced-security.html

    Hope this helps.


    Rob - Bicycle - Mark Twain said it right.
