Category: Use Case 
Module: Firewall Management
Testing Time: 30 min

This use case shows you how firewall management provides reliable. fast and simple protection for your own devices. 

1. What is the use case about 

Windows Defender Firewall is an important tool that protects your system from harmful malware.
With  DriveLock you can manage the Windows Defender Firewall from a central location. This allows you to easily configure rules for specific groups of computers.
DriveLock is capable of expanding the built-in functionality of the firewall by dynamically adding and removing rules based on conditional settings.

2. Effects on the client computer

All outbound rules are blocked by default, which means that outbound communication will not take place if malware is detected. You  can define outbound and inbound rules so that the required tools can still be used. In case some programs stop working you need to create rules for them in the policy.

3. How to monitor the results in the DOC

You can check the firewall status based on following incidents:

To get a quick overview of firewall events, you can select the predefined event filter Events > Operating system management > Firewall.

Or you can create a new view by clicking on the three dots in the upper right corner under Analysis > Events. There you select Save as new preconfigured view.

Enter a name for the view and, if required, a description. Then choose an icon with color.

In the Filter tab, select the Event ID property and and the operator in list (comma separated). For the value, specify all firewall relevant event IDs.
These are: 465, 468, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748.
Then confirm by clicking Add.  

The preconfigured view can be found in the Events tab.