Windows Firewall Log

See https://security.stackexchange.com/questions/166875/how-do-i-access-a-firewall-log-windows-10-w-windows-defender.

1. Configuration

Start Local Group Policy Editor (gpedit.msc) with administrative privileges.
Select Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security.
Select Windows Defender Firewall with Advanced Security.
Select Windows Defender Firewall Properties.

Select the Domain Profile tab.
Click Logging | Customize.
Select Log dropped packets | Yes.
Click OK.
Select the Private Profile tab.
Click Logging | Customize.
Select Log dropped packets | Yes.
Click OK.
Select the Public Profile tab.
Click Logging | Customize.
Select Log dropped packets | Yes.
Click OK.

Click OK.
Close Local Group Policy Editor.

Turn off the Windows Defender Firewall for the Domain, Private and Public networks.

Turn on the Windows Defender Firewall for the Domain, Private and Public networks.

netsh.exe advfirewall show allprofiles
netsh.exe advfirewall set allprofiles state off
netsh.exe advfirewall show allprofiles
netsh.exe advfirewall set allprofiles state on
netsh.exe advfirewall show allprofiles

2. Log File

Open the %WinDir%\System32\LogFiles\Firewall\pfirewall.log file in your favourite editor.

3. Unconfiguration

Start Local Group Policy Editor (gpedit.msc) with administrative privileges.
Select Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security.
Select Windows Defender Firewall with Advanced Security.
Select Windows Defender Firewall Properties.
Select Log dropped packets | Not configured for the Domain, Private and Public profiles.
Close Local Group Policy Editor.

Windows Firewall Log

Home

1. Configuration

2. Log File

3. Unconfiguration