Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
is there a way to see when (date) was certain rule (app blocked or allowed) ?
I don't see in fw settings anything that shows it
Page 1 of 1
firewall rule time
#1
- <°)))><
-
- Group: Members
- Posts: 595
- Joined: 27-August 09
- OS:Windows 7 x86
-
Country:
Posted 05 November 2012 - 07:29 PM
Back to top
#2
- GroupPolicy Tattoo Artist
-
- Group: Members
- Posts: 1,277
- Joined: 21-April 05
- OS:none specified
-
Country:
Posted 06 November 2012 - 04:01 PM
In the registry it is the key:
You can export that key to .txt format with regedit to see the last write time (for the entire key). If you export it to .reg format, on the bottom will be the last created values (but it's not guaranteed).
There are other registry tools that can read and display last write time of keys. I don't know if any of them can do the same for values (but I haven't looked hard). It might be impossible.
RegScanner from Nirsoft can search registry (keys only?) by date.
GL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
You can export that key to .txt format with regedit to see the last write time (for the entire key). If you export it to .reg format, on the bottom will be the last created values (but it's not guaranteed).
There are other registry tools that can read and display last write time of keys. I don't know if any of them can do the same for values (but I haven't looked hard). It might be impossible.
RegScanner from Nirsoft can search registry (keys only?) by date.
GL
This post has been edited by GrofLuigi: 06 November 2012 - 04:04 PM
#3
- <°)))><
-
- Group: Members
- Posts: 595
- Joined: 27-August 09
- OS:Windows 7 x86
-
Country:
Posted 06 November 2012 - 08:27 PM
I meant more like
for each rule
as in when was each rule made
for each rule
as in when was each rule made
#4
- GroupPolicy Tattoo Artist
-
- Group: Members
- Posts: 1,277
- Joined: 21-April 05
- OS:none specified
-
Country:
Posted 06 November 2012 - 10:30 PM
vinifera, on 06 November 2012 - 08:27 PM, said:
I meant more like
for each rule
as in when was each rule made
for each rule
as in when was each rule made
Yes, I know, but I'm not sure it's possible.
GL
#5
- <°)))><
-
- Group: Members
- Posts: 595
- Joined: 27-August 09
- OS:Windows 7 x86
-
Country:
Posted 08 November 2012 - 07:12 PM
seems it isn't
as firewall doesn't record jack s***
such disapointment...
as firewall doesn't record jack s***
such disapointment...
#6
- GroupPolicy Tattoo Artist
-
- Group: Members
- Posts: 1,277
- Joined: 21-April 05
- OS:none specified
-
Country:
Posted 09 November 2012 - 12:17 PM
Now that you mentioned it, there might be something in the firewall log (if you enable it first), but I'm almost sure there will be something in the event log (if you manage to find the event 
).
GL
).GL
#7
- <°)))><
-
- Group: Members
- Posts: 595
- Joined: 27-August 09
- OS:Windows 7 x86
-
Country:
Posted 09 November 2012 - 03:25 PM
well event viewer shows nothing (probably coz it was flushed at some time)
and firewall log doesn't even exist on my PC
and firewall log doesn't even exist on my PC
#8
- GroupPolicy Tattoo Artist
-
- Group: Members
- Posts: 1,277
- Joined: 21-April 05
- OS:none specified
-
Country:
Posted 09 November 2012 - 04:01 PM
Well, you need to turn it on http://technet.micro...y/cc742433.aspx
But I think it logs only dropped/passed packets, not creation of rules.
GL
But I think it logs only dropped/passed packets, not creation of rules.
GL
Share this topic:
Page 1 of 1