Windows – Powershell: Check if the Firewall is enabled (not the profiles)

powershellwindows 10windows firewall

I'm a bit uncomfortable with how Windows 10 is displaying its Firewall status. I'm trying to audit my Windows 10 and Server 2016 devices to get the following information:

  1. Is the Windows Firewall enabled? [NOT WORKING]
  2. Are all 3 profiles enabled? [WORKING]
  3. Is there a third party Firewall enabled? [WORKING]

From this screen it looks as though everything is enabled and healthy:
Healthy FW profiles

Yet when I go up one level this is the message I see (clicking 'Turn on' does nothing):
WF disabled due to BitDefender

If I check the registry keys here for the three profiles I can see that they're all enabled: "HKLM:\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy" yet they're not actually 'enabled' because the Windows Firewall is disabled.

This little snippet detects third-party firewalls on the device:

$firewalls= @(Get-WmiObject -Namespace $securityCenterNS -class FirewallProduct -ErrorAction Stop)

if($firewalls.Count -eq 0){

    Write-Output "No third party firewall installed."

}else{ 

    $firewalls | Foreach-Object {                       
        [int]$productState=$_.ProductState
        $hexString=[System.Convert]::toString($productState,16).padleft(6,'0')
        $provider=$hexString.substring(0,2)
        $realTimeProtec=$hexString.substring(2,2)
        $definition=$hexString.substring(4,2)

        "Product Name : {0}."     -f $_.displayName
        "Service Type : {0}."     -f $SecurityProvider[[String]$provider]
        "State        : {0}.`n`n" -f $RealTimeBehavior[[String]$realTimeProtec]
    }
}

<# OUTPUT:
Product Name : Bitdefender Firewall
Service Type : AntiVirus
State        : ON
#>

Question:
How can I tell if a Windows Firewall (not just its profiles) is truly enabled or disabled? Is there a particular value I need to find in the registry? Is there a commandlet below that would quickly tell me whether the FW is actually on or not?

Firewall commandlets

Best Answer

The Windows Firewall is installed onto the OS as a service. To know if it's enabled or disabled globally then you'd need to confirm whether or not its status is "running" or "stopped".

PowerShell

$FWService = (Get-Service | ?{$_.Name -eq "mpssvc"});
$FWService | %{
    If($_.Status -eq "Running"){
        Write-Host "The $($_.DisplayName) service is running." -Foregroundcolor Green
        }Else{
        Write-Host "The $($_.DisplayName) service is stopped." -Foregroundcolor Red
        }
    };

Furthermore, as per Windows Firewall Profiles it is stated that. . .

  • Windows Firewall offers three firewall profiles: domain, private and public. The domain profile applies to networks where the host system can authenticate to a domain controller. The private profile is a user-assigned profile and is used to designate private or home networks. Lastly, the default profile is the public profile, which is used to designate public networks such as Wi-Fi hotspots at coffee shops, airports, and other locations.

So this means that Windows Firewall can be disabled or enabled at these three profile levels as well and thus to confirm if it's enabled or disabled here, you'll need to check the status of these profiles.

Powershell

$FWProfiles = (Get-NetFirewallProfile);
Write-Host "Windows Firewall Profile Statuses" -Foregroundcolor Yellow;
$FWProfiles | %{
    If($_.Enabled -eq 1){
        Write-Host "The Windows Firewall $($_.Name) profile is enabled"  -Foregroundcolor Green
        }Else{
        Write-Host "The Windows Firewall $($_.Name) profile is disabled" -Foregroundcolor Red
        } 
    };

Further Resources