Systems Management

Review this page.
https://www.windowscentral.com/how-use-windows-defender-command-prompt-windows-10

Here you can find the usual commands, which you can use in a Custom Inventory Rule to report the status.

I use a Custom inventory Rule, and works like a charm for my needs.

ShellCommandTextReturn(powershell.exe -NoLogo -NonInteractive -NoProfile -Command "Get-NetFirewallProfile | Select Name, Enabled")

The result in the Inventory looks like this:

My Report shows all devices, but you can filter it to only show anything with a False for Domain for example

The KACE Appliance can Report about Registry status.... These are called custom inventory rule.

You will need to tell the appliance what Key or Keys to look for and give it a name...

The problem is Microsoft constantly changes the registry and the firewall status is tied to a couple of registry keys...

See:

https://www.wintips.org/how-to-disable-defender-antivirus-firewall-in-windows-10/

Look at the amount of keys they mod to turn off the firewall, you will need a Custom Inventory rule to check the status of all of those keys...

Like if 

Key A=1 and Key B=1 and Key C=1  then it will fall into the creteria of a Custom Inventory Rule named "Win Defender Firewall Enabled"

Custom Inventory Rules where very popular for customers who wanted to report on each version of Internet Explorer a couple of years ago, see:

https://www.itninja.com/blog/view/kace-custom-inventory-rules-101

There is also another possibility, if you could get the status of that firewall via powershell , you could simply use a Custom Inventory Rule with the ShellCommandTextReturn function, and that will gather the status into the inventory, without having to query the registy places.

What I do,

I set up a custom rule with:

RegistryValueEquals(HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications,DisableNotifications,00000001)

Then I have a smart label that detects windows 10 devices that DO NOT have this custom inventory item..

Then a script is set on a schedule to set this registry key on the smart label devices..

Works for us real well

Might suggest this if you only care if any of the Firewalls are off or inbound policy is set not to block or add the "Enabled,DefaultInboundAction" to the example above

Yes you can have the firewall on but if you allow incoming connects by default do you really have a firewall?

ShellCommandTextReturn(powershell.exe -NoLogo -NonInteractive -NoProfile -Command "Get-NetFirewallProfile  | Where-Object {$_.enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block'} | Select Name, Enabled,DefaultInboundAction")