Category: Use Case 
Module: Firewall Management
Testing Time: 30 min

This use case shows you how firewall management provides reliable. fast and simple protection for your own devices. 

1. What is the use case about?

Windows Defender Firewall is an important tool that protects your system from harmful malware.
With  DriveLock you can manage the Windows Defender Firewall from a central location. This allows you to easily configure rules for specific groups of computers.
DriveLock is capable of expanding the built-in functionality of the firewall by dynamically adding and removing rules based on conditional settings.

2. How does it affect your client computer?

After assigning the Activate Firewall Management group, the control of Windows Firewall by DriveLock is activated.

All outgoing rules are blocked by default so that no external communication can take place if malware is present. The necessary outgoing and incoming rules are then defined so that the necessary tools can still be used. If some programs no longer work, rules must be created in the policy. 

The policy also contains a set of predefined inbound and outbound rules that block certain ports, protocols and programs.

3. How to monitor the results in the DOC?

You can check the firewall status based on following incidents:

To get a quick overview of firewall events, you can select the predefined event filter Events > Operating system management > Firewall.

A preconfigured view is available in the filter area under Analytics > Events.

This filter contains events with the following event IDs: 465, 468, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748.