Level Verified

Windows Monitor - Firewall Script

Created by

Level

Type

Script

Category

Security

Platforms
Windows, Apple iOS, Linux

Problem Overview

Many organizations struggle to ensure that Windows Firewall remains consistently active across all network profiles, leaving devices vulnerable to threats. This script resolves the issue by quickly detecting whether any firewall profile is enabled, so administrators can immediately address potential security gaps.

Description

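The script examines the status of each Windows Firewall profile: domain, private, and public. If it finds even one profile with its firewall enabled, it returns a success message and a zero exit code; otherwise, it prints an alert and exits with a non-zero code, triggering any follow-up actions within Level. Because a single enabled profile is enough for success, a zero exit code shows that the firewall is not switched off everywhere, not that every profile is protected; the per-profile ENABLED/DISABLED lines in the output show which profiles are off. By scanning multiple profiles, it reports each profile's state without additional manual checks.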

Script

```powershell
<#
This resource is provided as a convenience for Level users. We cannot
guarantee it will work in all environments. Please test before deploying
to your production environment. We welcome contributions to our community
library

Level Library
https://level.io/library/script-windows-check-firewall
#>

# Initialize a global variable to track if any firewall profile is active.
# The global scope is named explicitly so the function below and the exit
# check read the same variable even when this runs as a script file.
$global:firewallActive = $false

# Function to check the status of Windows Firewall for all profiles
function Check-FirewallStatus {
    $profiles = Get-NetFirewallProfile
    # $fwProfile avoids shadowing PowerShell's automatic $PROFILE variable
    foreach ($fwProfile in $profiles) {
        $status = $fwProfile.Enabled
        $name = $fwProfile.Name
        if ($status -eq "True") {
            Write-Host "$name profile firewall is ENABLED."
            $global:firewallActive = $true
        }
        else {
            Write-Host "$name profile firewall is DISABLED."
        }
    }
}

# Check firewall status for all profiles
Check-FirewallStatus

# Determine script exit code based on firewall status
if ($global:firewallActive) {
    Write-Host "SUCCESS: At least one firewall profile is active."
    exit 0
}
else {
    Write-Host "ALERT: No active firewall profiles detected."
    exit 1
}
```

Use Cases

  • Verifying that Windows Firewall remains enabled after software updates
  • Alerting administrators immediately if no firewall profiles are active
  • Enhancing security for remote or hybrid workforce endpoints
  • Integrating with automated remediation workflows that can re-enable the firewall

Recommendations

  • Configure a script-based monitor in Level to periodically run this script and alert on inactive firewalls
  • Pair with an automation remediation process to automatically enable the firewall if disabled
  • Test the script on a non-production system first to confirm the logic matches your environment
  • Customize output messages or logic for specific compliance standards or organizational policies
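One way to customize the logic for a stricter policy, as an added example that is not part of Level's library script: it alerts unless every required profile is enabled in the effective policy, and it goes one step beyond the original by also checking that the default inbound action is Block. The function name `Test-AllFirewallProfiles` and the `$RequiredProfiles` list are assumptions made for this example.

```powershell
# Added example (not Level's script): stricter monitor that requires EVERY
# listed profile to be enabled, evaluated against the effective policy.
# $RequiredProfiles and Test-AllFirewallProfiles are hypothetical names.
$RequiredProfiles = @('Domain', 'Private', 'Public')

function Test-AllFirewallProfiles {
    param([string[]]$Required)

    # ActiveStore is the currently active policy (all applicable policy
    # stores combined), so Group Policy overrides are reflected here.
    $effective = Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop
    $failures = @()

    foreach ($name in $Required) {
        $fw = $effective | Where-Object { $_.Name -eq $name }
        if (-not $fw) {
            $failures += "$name profile not returned by Get-NetFirewallProfile"
            continue
        }
        if ($fw.Enabled -ne 'True') {
            $failures += "$name profile firewall is DISABLED"
        }
        # An enabled profile whose default is not Block still lets through
        # inbound traffic that no rule explicitly blocks.
        if ($fw.DefaultInboundAction -ne 'Block') {
            $failures += "$name default inbound action is $($fw.DefaultInboundAction)"
        }
    }
    # The leading comma keeps an empty result as an array instead of $null
    return ,$failures
}

try {
    $failures = Test-AllFirewallProfiles -Required $RequiredProfiles
}
catch {
    # A failed query is reported as an alert, never treated as healthy
    Write-Host "ALERT: could not query firewall profiles: $($_.Exception.Message)"
    exit 1
}

if ($failures.Count -eq 0) {
    Write-Host "SUCCESS: all required firewall profiles are enabled and block inbound by default."
    exit 0
}
$failures | ForEach-Object { Write-Host "ALERT: $_" }
exit 1
```

The exit codes match the original script (0 for success, 1 for alert), so the same Level monitor and remediation workflow can consume it.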

FAQ

  • Does the script require any additional privileges?
    No, Level runs scripts with System-level permissions on Windows, so no special elevation is needed.
  • What happens if none of the firewall profiles are active?
    The script exits with a non-zero code and outputs an alert, prompting Level to trigger notifications or remediation steps.
  • Can I modify which profiles are checked?
    The script automatically checks all available profiles (Domain, Private, Public), but you can edit the PowerShell commands if you only care about specific profiles.
  • Is this script compatible with older versions of Windows?
    It uses Get-NetFirewallProfile, which is part of more recent Windows PowerShell modules. On older systems, you may need to adapt the script for the netsh firewall commands.

Included with this Script:

Below is a list of what you can expect to find when importing this Script.

Script details:

The following data and settings will be imported with your script.

Script Name

Windows - Check Firewall

Description

This script checks the status of Windows Firewall for all profiles (Domain, Private, and Public) using the Get-NetFirewallProfile cmdlet. It outputs the status of each profile, sets a global variable if any profile is active, and exits with a success or alert code based on whether at least one firewall profile is enabled.

Language

PowerShell

Timeout (In Seconds)

100

Run As

Local system
