Windows Firewall | Harden System Security

• Sets the Network Location of all connections to Public; Public network means less trust to other network devices.

• Makes sure Windows Firewall is enabled for all profiles (which is the default) CSP CSP CSP

• Enables notifications in all 3 profile types to be displayed to the user when an application is blocked from listening on a port. CSP CSP CSP

• Enables Windows Firewall logging for Domain, Private and Public profiles, sets the log file size for each of them to the max 32.767 MB. Defines separate log files for each of the firewall profiles. Logs only dropped packets for Private and Public profiles, Logs both dropped and successful packets for Domain profile. CSP CSP CSP CSP CSP CSP CSP CSP CSP

• Disables Multicast DNS (mDNS) UDP-in Firewall Rules for all 3 Firewall profiles, This might interfere with Miracast screen sharing, which relies on the Public profile, and homes where the Private profile is not selected, but it does add an extra measure of security in public places, like a coffee shop.
  • The domain name .local which is used in mDNS (Multicast DNS) is a special-use domain name reserved by the Internet Engineering Task Force (IETF) so that it may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet.