Hello,
Does anyone know of a nice piece of software or a script to export Windows Firewall rules from the Registry to a CSV file or any other human-readable format? Currently I am comparing those rules to check for any anomaly…
best regards,
Robin
If you can share a sample (you didn't mention which version of Windows you're working with) I could write a RegRipper plugin, or extend the current fw_config.pl plugin.
Harlan, I had a look at your RegRipper at first :-)
Currently I am interested in analyzing the data from
\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\FirewallRules\
\RestrictedServices\AppIso\FirewallRules
\RestrictedServices\Configurable\System
\RestrictedServices\Static\System
and compare it to
\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules
to detect any added or modified firewall rules.
If you want to modify the existing plugin, you could read the logging configuration from
\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\DomainProfile\Logging
\PublicProfile\Logging
\StandardProfile\Logging
That would be nice, a valuable addition for RegRipper and a help for me and any other analyst!
The mentioned OS is Windows 10.
best regards, Robin
Edit: shortened the registry path and added the OS
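The comparison described in the post above, as an added example that is not part of the original thread and is not RegRipper code: it diffs the current FirewallRules values against the Defaults set field by field and emits CSV. It assumes the values have already been read from the hive into name-to-data dictionaries and that each value's data is the pipe-delimited `v2.x|Key=Value|...` string Windows stores under FirewallRules; the function names and all sample rules are constructed for illustration.

```python
import csv
import io

def parse_rule(data):
    """Split 'v2.30|Action=Allow|Dir=In|...|' into a dict of fields."""
    parts = data.split("|")
    fields = {"Version": parts[0]}
    for part in filter(None, parts[1:]):
        key, _, value = part.partition("=")
        # Keys such as LPort may repeat within one rule; keep every value.
        fields[key] = f"{fields[key]},{value}" if key in fields else value
    return fields

def diff_rules(defaults, current):
    """Return (status, value_name, field, default, current) rows for each difference."""
    rows = []
    for name in sorted(set(defaults) | set(current)):
        if name not in defaults:
            rows.append(("added", name, "", "", current[name]))
        elif name not in current:
            rows.append(("removed", name, "", defaults[name], ""))
        else:
            old, new = parse_rule(defaults[name]), parse_rule(current[name])
            for field in sorted(set(old) | set(new)):
                if old.get(field) != new.get(field):
                    rows.append(("modified", name, field, old.get(field, ""), new.get(field, "")))
    return rows

def to_csv(rows):
    """Render the diff rows as CSV text with a header line."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["status", "value_name", "field", "default", "current"])
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample data standing in for the Defaults and Parameters rule sets.
DEFAULTS = {
    "Example-Rule-In": "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|Name=Example SMB|",
    "Example-Rule-Out": "v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=53|Name=Example DNS|",
}
CURRENT = {
    "Example-Rule-In": "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|LPort=4444|Name=Example SMB|",
    "Example-Rule-Out": "v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=53|Name=Example DNS|",
    "{CONSTRUCTED-GUID}": "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\\Users\\Public\\example.exe|Name=Example added|",
}

if __name__ == "__main__":
    print(to_csv(diff_rules(DEFAULTS, CURRENT)), end="")
```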
Robin,
If you can share a sample…
Do you have any exemplar data that you can share?