Firewall Alerts, but firewall is enabled


Took over a client where the previous MSP had firewall disabled on all machines. All machines are domain joined, so no problem. Created a GPO that enables firewall on all machines, and set up any rules where needed.
Unfortunately the monitoring from Syncro keeps stating that the public static and private static Windows Firewalls are currently disabled.

If I run “netsh advfirewall show all state” , both public and private show up as OFF.
If I do “Get-NetfirewallProfile -PolicyStore ActiveStore” , all firewalls show up as Enabled.
GUI shows all Enabled as well.

Seems Syncro only uses the local policy to verify status?

Hey JoCald,

Did you ever get this figured out? We get a few alerts a week for firewall (as well as AV) being disabled, I was wondering if it might be related to what you have found.

Hi Luke,

Since the netsh command showed OFF in my case, which I assume is what Syncro uses to monitor the firewall status, I ran “netsh advfirewall set allprofiles state on” on all the devices with alerts.

Syncro now shows the firewall as enabled.

Never had an issue with AV though.