Detect Addition of New Firewall Rules in Defender Firewall
The release of this old blog post is prompted by this nice article on silencing Microsoft Defender for Endpoint (previously Microsoft Defender ATP) using firewall rules. The author of that article noted that he did not find a proper way of detecting the creation of firewall rules. As he pointed out, Event ID 4947 only shows the […]