Netsh.exe advfirewall firewall add rule name="Block regsvr32.exe netconns" program="%systemroot%\system32\regsvr32.exe" protocol=tcp dir=out enable=yes action=block profile=any When you don’t want to use the migration tool to migrate your firewall rules to Intune you could also use a PowerShell script! You could use Netsh to add some Firewall rules! Netsh.exe advfirewall firewall add rule name="Block Notepad.exe netconns" program="%systemroot%\system32\notepad.exe" protocol=tcp dir=out enable=yes action=block profile=any Don’t forget to launch PowerShell as an AdminĪfter installing all of the required modules it prompted me for my Microsoft credentials.Īfter entering the correct Microsoft Tenant Admin credentials the Firewall rules were exported and imported successfully in Intune. So it’s great there is a tool now to migrate them to Intune! So download the tool and start migrating them! I will show you some stuff you need to beware off.īefore I could do anything, I needed to remove the _PSLOCKDownPolicy to 1.…Otherwise, you are stuck to the constrained language mode. In most companies, the Defender Firewall rules are centrally managed and deployed with Group policies. I couldn’t edit the imported rules but now, after a few months, it works great!
When I first wrote this blog (2020-07), the Microsoft defender firewall rule migration tool was released, the first time I tested it, it didn’t work as expected.
Deploying Rules with the Firewall Migration Tool So when we don’t need this port for outbound traffic, why not block it? 2. You could add some allow or deny rules to your existing configuration.Īs a good example: Do you know which ports are most used to establish a reverse PowerShell? TCP port 444 is one of the many examples.Īn introduction to Reverse Shells – JCore Blog The Windows Firewall is enabled by default, but it still needs some additional configuration when you want to add an additional layer to your defense. You really don’t want to have unauthorized network traffic coming from and to your Windows 10 Devices. Automatically deploying rules with Intune (Endpoint Security)Ĭonfiguring Windows Defender Firewall rules on your Windows 10 or 11 device shouldn’t be forgotten.Manually deploying rules with Intune (Endpoint Security).Deploying Rules with the Firewall Migration Tool.I will divide this blog into multiple parts This blog is the seventh part of the Endpoint Security Series, I’ll explain how to deploy your Windows Defender firewall baseline policy rules into Intune.
0 kommentar(er)
