Policy

Windows Defender Firewall: Allow logging

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Defender Firewall > Domain Profile
Supported onAt least Windows XP Professional with SP2

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does not provide an option to log successful incoming messages. If you are configuring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. If you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact. If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.

Internal name
WF_Logging_Name_1
Policy ID
ab3fe67b2a10
Elements
4

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPacketsREG_SZ
0
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnectionsREG_SZ
0

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Log file path and name:
ID WF_Logging_LogFilePathAndName
text
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFilePath
Type REG_SZ
None
Size limit (KB):
ID WF_Logging_SizeLimit
decimal
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize
Type REG_DWORD
Range: 128 to 32767
Log dropped packets
ID WF_Logging_LogDroppedPackets
boolean
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPackets
Type REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Log successful connections
ID WF_Logging_LogSuccessfulConnections
boolean
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections
Type REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0

Other policies in this category

Explore related policies at the same level.

View all policies in this category