I would like to forward firewall denies from my managed clients to my ePO server. I have gotten this to work by adding a "Deny Unsolicited" rule to the end of my Firewall policy and marking it to log matching events.
This has the unfortunate side effect of preventing end-users from adding their own rules (as the events hit my deny unsolicited first).
In "Firewall Options" there is an option to "Log all blocked traffic" that I have checked, and this causes the agent to log the deny locally into the "FirewallEventMonitor" file.
However, this does not cause the deny event to populate in the EPS client UI, does not cause the event to populate in the Windows Event Log (per the agent logging setting for Windows), and does not cause the event to be forwarded to the ePO server.
Is there any way to cause the global deny in my firewall policy to actually log the activity and forward it to my ePO server?