Computer Protection: firewall log file
How i can identify what rule in psb portal/profile/firewall is responsible for block action.
In log file i have numbers like [1070.5f94]
Where can find it in psb portal?
What is the name of a filter in Blocks.log?
Filter names are provided by Windows Firewall and not always have the same name as you define in profile editor.
For instance, I just created rule "Test block skype" and got this in Blocks.log (note that name of filter is the same as I used in portal):
2018-09-10 14:08:00.960 [62fc.5e50] I: Type: FWPM_NET_EVENT_TYPE_CLASSIFY_DROP. Dropped by filter: Test Block skype, . Dropped by layer: ALE Connect v4 Layer. Direction: outbound. Local port: 61537. Remote port: 5061. IPv4 local address: N.N.N.N. IPv4 remote address: N.N.N.N. Application: \device\harddiskvolume4\...\lync.exe
In case if name does not match, to guess rule which blocked it, you would need to check other params like ports, IP addresses etc and Application and try to map it to one of rules in currently selected firewall profile.0