Hello, if somebody is interested, I've try so many tools, without succes, except one, Symantec EndPoint Protection. At this time of my tests, it's possible to activate the firewall, and desactivate the active response. SEP logs all my scan ports, without blocking it. It's all I wanted. I've seen there is some logs on C:\Program data\symantec\SEP\..\Data \Logs\seclog.log I haven't write any rules and decoder about this logs, but I'm working on it.
On 12 juil, 15:15, Blauch Armand <[email protected]> wrote: > Hello, > I'm looking for an equivalent ofportsentryfor windows machine (w2003 > and w2008). I look for something first for scans ports detection and > then to log on a output file easy to read for ossec. > I'm trying some configurations tests with windows firewall, but it > doesn't work at this time. > May be somebody already know a solution?
