Hello all.
I have the problem. And I want to ask you 2 questions, please.
On a remote server with Windows Server 2012R2 EventLog began to appear "Failure Audit". IP addresses are different every day, but in a lot of matches throughout the day.
I wrote a ps script that collects the data for the day and adds "bad" IP addresses to the scope of inboung firewall rule named as "BAD_Guys".
This rule has block action.
The default behavior for any inbound profile is "Block".
But in spite of this rule - I continue to observe the appearance of failure audit from bad IP addresses that are listed in the rule "BAD_guys."
This is the first question - Why it can continue occure? Why inbound connections from blocked IP addresses still continues?
Then, I accidentally wandered into a snap-in Control Panel \ System and Security \ Allow an app through Windows firewall. As I understood this list shows allowed applications for remote accessing. In this list there is a mine rule (BAD_Guys) and it is marked ON.
The second question - creating blocking rule in Windows firewall makes the allow rule in snup-in "Allow an app through Windows firewall". Why? Is this a conflict?
I have the problem. And I want to ask you 2 questions, please.
On a remote server with Windows Server 2012R2 EventLog began to appear "Failure Audit". IP addresses are different every day, but in a lot of matches throughout the day.
I wrote a ps script that collects the data for the day and adds "bad" IP addresses to the scope of inboung firewall rule named as "BAD_Guys".
This rule has block action.
The default behavior for any inbound profile is "Block".
But in spite of this rule - I continue to observe the appearance of failure audit from bad IP addresses that are listed in the rule "BAD_guys."
This is the first question - Why it can continue occure? Why inbound connections from blocked IP addresses still continues?
Then, I accidentally wandered into a snap-in Control Panel \ System and Security \ Allow an app through Windows firewall. As I understood this list shows allowed applications for remote accessing. In this list there is a mine rule (BAD_Guys) and it is marked ON.
The second question - creating blocking rule in Windows firewall makes the allow rule in snup-in "Allow an app through Windows firewall". Why? Is this a conflict?
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
