FW Not Installed is the reason for security audit failure

SOLVED
cmiarshvac
Getting noticed

FW Not Installed is the reason for security audit failure

I have a Client Security Report run every week.  In the Security Policy under the Desktop section,  i have the Firewall Enabled option  "checked".  For all of my Windows 10 clients, the Windows Firewall is enabled.  The security report shows that each W10 client fails for these reasons: "FW not Installed"; "FW not enabled".  Does anyone know what is settings is being interrogated to confirm Firewall is Installed and Enabled on Windows 10 clients?  

1 ACCEPTED SOLUTION

Bonjour @cmiarshvac 

I actually dealt with Meraki support yesterday over this issue.  They had me run this command at a DOS prompt (it's the command that the agent used to check complaince)

 

WMIC /Namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get * /Format:List

 

That should listdisplayName=Windows Defender and productState=397568 (product state might vary... would have to confirm with Meraki)

 

If it doesn't list Windows Defender open a ticket with them... but if it does like mine did, they had me turn off the Defender on the system in question and turn it back on.  What I did was disable all part of defender, waited a few minutes and rebooted.  The reboot turns the Real Time Protection back on by default, and I manually turned on the other components.  My system showed up secure and compliant within an hour!! 

View solution in original post

6 REPLIES 6
BlakeRichardson
Kind of a big deal
Kind of a big deal

What AV are you using, some antivirus software disables windows firewall and run their own version. 

Hello Blake,

I am running Webroot. I asked them about their firewall interaction. Their response: "Webroot's firewall only covers outbound traffic as we utilize Windows Firewall to cover inbound traffic."

Greetings~ was any resolution found for this issue?  Currently, I have a baseline Windows 10 Client that does not have any 3rd party AV. Windows Defender and Windows Firewall are both enabled / running / updated....  but it is also failing due to "FW not installed, FW not enabled, AV not running".

No resolution yet.  If someone from Meraki could comment about what is being queried to confirm FW and AV being enabled we might be able to adjust settings to get a good report.  

Bonjour @cmiarshvac 

I actually dealt with Meraki support yesterday over this issue.  They had me run this command at a DOS prompt (it's the command that the agent used to check complaince)

 

WMIC /Namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get * /Format:List

 

That should listdisplayName=Windows Defender and productState=397568 (product state might vary... would have to confirm with Meraki)

 

If it doesn't list Windows Defender open a ticket with them... but if it does like mine did, they had me turn off the Defender on the system in question and turn it back on.  What I did was disable all part of defender, waited a few minutes and rebooted.  The reboot turns the Real Time Protection back on by default, and I manually turned on the other components.  My system showed up secure and compliant within an hour!! 

Thanks for the follow up. I will give this a try.
Get notified when there are additional replies to this discussion.