We would like to distribute a firewall program with our product.
I can configure the Windows Firewall to block outgoing connections (which it does not by default):
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
But then I need to know when one is blocked so it can ask if it should be unblocked.
I tried turning on logging, but it does not log the path to the exe. Is there a way to get that logged?
I posted a question on StackOverflow to try an event detection method, but if there was a way to turn on logging of the path to the exe, I wanted to know about it. I hope to stay with Java which is limited in event detection.
I don't mind calling any command-line programs, also don't mind using vbscripts. But what I need is to know as soon as an outgoing connection from an exe is blocked and which exe.
Best Answer
p0rkjello answered correctly but left out key things; after struggling for hours, I found the solution.
auditpol /set /subcategory:"{0CCE9226-69AE-11D9-BED3-505054503030}" /success:disable /failure:enable
Open Event Viewer and go to Windows logs > Security
Filter log > Keywords > Select "Audit failure"
Information that can be found here includes the application name, destination IP, connection direction and more.
Edit: On 9th April 2020
I got an easier way to check the event log using the PowerShell command below
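An added example, not part of the original answer and not the command the answerer refers to: a PowerShell function that reads the failure-audit events enabled by the `auditpol` command above (Security event ID 5157, "The Windows Filtering Platform has blocked a connection") and returns each blocked outbound connection with the path of the executable. The function name `Get-BlockedOutboundConnection` and its parameters are hypothetical; it must run from an elevated prompt because the Security log is readable by administrators only.

```powershell
# Added example: list outbound connections blocked by the Windows Filtering Platform.
# Prerequisite: failure auditing for "Filtering Platform Connection" is enabled
# (the auditpol command shown in the answer).

function Get-BlockedOutboundConnection {
    param(
        # Only return events newer than this; a poller passes the time of its last run
        [datetime]$Since = (Get-Date).AddMinutes(-10),
        [int]$MaxEvents = 200
    )

    $filter = @{ LogName = 'Security'; Id = 5157; StartTime = $Since }

    # Get-WinEvent raises a non-terminating error when nothing matches,
    # so it is silenced here; an empty result simply means "nothing blocked".
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Turn the event's <EventData> name/value pairs into a hashtable
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            # Direction is stored as a message-table token: %%14593 = outbound
            if ($data['Direction'] -ne '%%14593') { return }

            [pscustomobject]@{
                Time        = $_.TimeCreated
                ProcessId   = [int]$data['ProcessID']
                Application = $data['Application']    # NT device path to the exe
                DestAddress = $data['DestAddress']
                DestPort    = [int]$data['DestPort']
                Protocol    = [int]$data['Protocol']  # IANA number: 6 = TCP, 17 = UDP
            }
        }
}

# Show the most recent blocks first
Get-BlockedOutboundConnection |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

The `Application` field is logged as an NT device path (for example `\device\harddiskvolumeN\...`), not a drive-letter path, so a caller that wants to prompt the user about a specific exe has to map the volume back to a drive letter first.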