id: windows-firewall-disabled

info:
  name: Windows Firewall Disabled
  author: princechaddha
  severity: high
  description: Checks if Windows Firewall is disabled on any network profile.
  impact: |
    Disabling the firewall may leave the system vulnerable to external attacks.
  remediation: |
    Ensure that the Windows Firewall is enabled for all network profiles.
  tags: windows,firewall,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-NetFirewallProfile | Where-Object { $_.Enabled -eq "False" }

    matchers:
      - type: word
        words:
          - "False"
# digest: 490a00463044022042b6032d7d469db4fdcb19cf56642c84546d36fe7866c6e614527b67b255db5802201512b59259ec05ecc2fa56d311a3585e8315dcf393730371a559102ed19c829c:922c64590222798bb761d5b6d8e72950