Windows 7: Windows Firewall: Logging/Notifying on Outgoing Request Attempts

Posted by Maxim Z. on Super User See other posts from Super User or by Maxim Z.
Published on 2010-01-19T05:07:37Z Indexed on 2010/03/23 20:03 UTC
Read the original article Hit count: 547

I'm trying to configure Windows Firewall with Advanced Security to log and tell me when programs are trying to make outbound requests. I previously tried installing ZoneAlarm, which worked wonders for me with this in XP, but now, I'm unable to install ZA on Win7. My question is, is it possible to somehow monitor a log or get notifications when a program tries to do that if I set all outbound connections to auto-block, so that I can then create a specific rule for the program and block it.?

Thanks!

UPDATE: I've enabled all the logging options available through the Properties windows of the Windows Firewall with Advanced Security Console, but I am only seeing logs in the %systemroot%\system32\LogFiles\Firewall\pfirewall.log file, not in the Event Viewer, as the first answer suggested. However, the logs that I can see only tell me the request's or response's destination IP and whether the connection was allowed or blocked, but it doesn't tell me what executable it comes from. I want to find out the file path of the executable that each blocked request comes from. So far, I haven't been able to.

© Super User or respective owner

Related posts about windows-7

Related posts about firewall