The Forefront Client Security Team writes:

Today we published another Security State Assessment (SSA) definition update on Microsoft Update!

Included in this release is a new check that will provide visibility into end-user configuration of the Windows Firewall. When used with Group Policy, this new functionality aids in firewall management.

The Windows Firewall check reports on:

·         Firewall status (on/off)

·         User-defined exceptions

·         Applicability to each network interface

Determining firewall status:

·         If Windows Firewall is disabled on any network interface, the score is “High”

·         If Windows Firewall is configured by Group Policy, the score is “Informational

Visibility into firewall exceptions:

·         Enumerates each port and application exception

·         Any exception not configured via Group Policy, the score is “Medium”

·         If configured by Group Policy, the score is “Informational”

There’s more…