Issue:
- Windows Firewall status is red with error message: "Windows Defender Firewall is using settings that make the device unsafe"
- The Windows Firewall state is set to: ON
- Both Inbound and Outbound unknown connections are set to: Allow
Resolution:
Windows Firewall may show its status as red with a white cross, together with the message: "Windows Defender Firewall is not using the recommended settings to protect your computer". This can happen if both of the following settings have been set to allow:
- Inbound connections that do not match a rule are allowed
- Outbound connections that do not match a rule are allowed
Unknown inbound connections should not be allowed. This setting may have been changed either from the WithSecure firewall profile or by using GPO.
In Policy Manager Console make sure that the setting has not been set using the WithSecure firewall profile:
- Open the Policy Manager console
- Select the host or domain from the Domain Tree
- Click on the Settings tab
- Go to the Firewall settings page
- Ensure the value under "Profile being edited" is the current profile in use
- Set the value of Unknown inbound connections to Block
- Distribute the profile (Ctrl+D)
In Elements Security Center make sure that the setting has not been set using the WithSecure firewall profile:
- Log in to Elements Security Center: https://elements.withsecure.com/
- Go to Security Configurations
- Click on Profiles
- Choose the Profile in use
- Click on the Firewall tab in the left sidebar
- Choose the Firewall in use
- Check that Allow unknown inbound connections and Allow unknown outbound connections are not both set to ON
Once the host receives the new profile the firewall should stop displaying the message and the status should turn to green.
If Windows Firewall still shows "Inbound connections that do not match a rule are allowed", make sure that the setting has not been forced using GPO.
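One way to verify this on the affected host, as an added example that is not part of the original article: the script below compares the effective default actions of each Windows Firewall profile with the values delivered by Group Policy. It assumes an elevated PowerShell session and uses only the built-in Get-NetFirewallProfile cmdlet; the column names in the report are chosen for this example.

```powershell
# Added example: show the effective default actions per firewall profile and
# whether Group Policy is the source of an "Allow" default.

# ActiveStore holds the settings currently enforced on this computer.
$effective = Get-NetFirewallProfile -PolicyStore ActiveStore

# RSOP is the read-only store containing the sum of all GPOs applied locally.
# A value of NotConfigured there means no GPO sets that option.
$fromGpo = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue

$report = foreach ($p in $effective) {
    $gpo = $fromGpo | Where-Object { $_.Name -eq $p.Name }

    $gpoInbound  = if ($gpo) { [string]$gpo.DefaultInboundAction }  else { 'NotConfigured' }
    $gpoOutbound = if ($gpo) { [string]$gpo.DefaultOutboundAction } else { 'NotConfigured' }

    [pscustomobject]@{
        Profile          = $p.Name
        Enabled          = $p.Enabled
        Inbound          = [string]$p.DefaultInboundAction
        Outbound         = [string]$p.DefaultOutboundAction
        GpoInbound       = $gpoInbound
        GpoOutbound      = $gpoOutbound
        # Both defaults set to Allow is the condition described in this article.
        BothAllow        = ($p.DefaultInboundAction -eq 'Allow' -and
                            $p.DefaultOutboundAction -eq 'Allow')
        # True when a GPO, not the WithSecure profile, sets inbound to Allow.
        InboundSetByGpo  = ($gpoInbound -eq 'Allow')
    }
}

$report | Format-Table -AutoSize

# Summarize the profiles that still need attention.
foreach ($row in $report | Where-Object { $_.Inbound -eq 'Allow' }) {
    if ($row.InboundSetByGpo) {
        Write-Warning "$($row.Profile): unknown inbound connections are allowed by Group Policy."
    } else {
        Write-Warning "$($row.Profile): unknown inbound connections are allowed; check the WithSecure firewall profile."
    }
}
```

If a profile reports InboundSetByGpo as True, the GPO has to be corrected by the domain administrator; changing the WithSecure firewall profile alone will not clear the warning.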
Article no: 000018337