|Firewall policy / Basic firewall configuration|
You can enable monitor mode on test computers and use the Firewall Event Viewer to view which traffic, applications, and processes are being used.
If you do not want to allow unknown traffic by default, you can use interactive mode.
In interactive mode, the firewall prompts the user to allow or block any applications and traffic for which it does not have a rule. For details, see Interactive mode.