Does Windows Firewall have the ability to log which exe is blocked?

p0rkjello answered correctly but left key things, after struggling for hours I found the solution.

1. Open CMD with administrator privilege, paste command auditpol /set /subcategory:"{0CCE9226-69AE-11D9-BED3-505054503030}" /success:disable /failure:enable
2. Open event viewer and go to Windows logs > Security
3. From right side panel select Filter log > Keywords > Select "Audit failure"

Information that can be found here are application name, destination IP, connection direction and more

Edit: On 9th April 2020

I got an easier way to check event log using PowerShell command below

Get-EventLog security -newest 10 -InstanceId 5157 -Message *Destination* |  Select @{Name="message";Expression={ $_.ReplacementStrings[1] }}

• Replace newest 10 with number of entries you want to search
• Select @{Name="message";Expression={ $_.ReplacementStrings[1] }} extracts application name.

I believe this is what you are looking for: application logging

Once this is configured it will be logged in the system log and the application name will be listed.

As it has been pointed out by the link, a right source is auditing events of the Windows Filtering Platform. We can output needed data with the following cmd-script:

@echo off
for /f "tokens=2 delims==" %%s in ('wmic os get LocalDateTime /value') do set datetime=%%s
auditpol /set /subcategory:{0CCE9225-69AE-11D9-BED3-505054503030} /failure:enable > nul
pause
wmic ntevent where "LogFile='security' AND EventCode = 5152 AND TimeGenerated > '%datetime%'" get InsertionStrings
auditpol /set /subcategory:{0CCE9225-69AE-11D9-BED3-505054503030} /failure:disable > nul

"{0CCE9225-69AE-11D9-BED3-505054503030}" is the GUID of an event "Filtering Platform Packet Drop", 5152 is it's code. At the pause time run a program / program's action of interest and resume the script when a test finishes. Sample output:

InsertionStrings

{"504", "\device\harddiskvolume2\windows\system32\svchost.exe", "%%14592", "10.0
.0.254", "67", "255.255.255.255", "68", "17", "89509", "%%14610", "44"}
{"3348", "\device\harddiskvolume2\another\program.exe", "%%14593", "10.0.0.1", "
52006", "123.123.123.123", "80", "6", "89523", "%%14611", "48"}

With get Message /value instead of get InsertionStrings in wmic command, output is more informative but also much longer:

Message=The Windows Filtering Platform has blocked a packet.

Application Information:
        Process ID:             3128
        Application Name:       \device\harddiskvolume2\path\to\program.exe

Network Information:
        Direction:              Outbound
        Source Address:         10.0.0.1
        Source Port:            50099
        Destination Address:    1.2.3.4
        Destination Port:               80
        Protocol:               6

Filter Information:
        Filter Run-Time ID:     69203
        Layer Name:             Connect
        Layer Run-Time ID:      48

These are just excerpts from the security log, which are accessible in GUI too.

This vbscript will enumerate through the Windows Firewall rule settings:

'  This VBScript file includes sample code that enumerates
'  Windows Firewall rules using the Microsoft Windows Firewall APIs.


Option Explicit

Dim CurrentProfiles
Dim InterfaceArray
Dim LowerBound
Dim UpperBound
Dim iterate
Dim rule

' Profile Type
Const NET_FW_PROFILE2_DOMAIN = 1
Const NET_FW_PROFILE2_PRIVATE = 2
Const NET_FW_PROFILE2_PUBLIC = 4

' Protocol
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17
Const NET_FW_IP_PROTOCOL_ICMPv4 = 1
Const NET_FW_IP_PROTOCOL_ICMPv6 = 58

' Direction
Const NET_FW_RULE_DIR_IN = 1
Const NET_FW_RULE_DIR_OUT = 2

' Action
Const NET_FW_ACTION_BLOCK = 0
Const NET_FW_ACTION_ALLOW = 1


' Create the FwPolicy2 object.
Dim fwPolicy2
Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")

CurrentProfiles = fwPolicy2.CurrentProfileTypes

'// The returned 'CurrentProfiles' bitmask can have more than 1 bit set if multiple profiles 
'//   are active or current at the same time

if ( CurrentProfiles AND NET_FW_PROFILE2_DOMAIN ) then
   WScript.Echo("Domain Firewall Profile is active")
end if

if ( CurrentProfiles AND NET_FW_PROFILE2_PRIVATE ) then
   WScript.Echo("Private Firewall Profile is active")
end if

if ( CurrentProfiles AND NET_FW_PROFILE2_PUBLIC ) then
   WScript.Echo("Public Firewall Profile is active")
end if

' Get the Rules object
Dim RulesObject
Set RulesObject = fwPolicy2.Rules

' Print all the rules in currently active firewall profiles.
WScript.Echo("Rules:")

For Each rule In Rulesobject
    if rule.Profiles And CurrentProfiles then
        WScript.Echo("  Rule Name:          " & rule.Name)
        WScript.Echo("   ----------------------------------------------")
        WScript.Echo("  Description:        " & rule.Description)
        WScript.Echo("  Application Name:   " & rule.ApplicationName)
        WScript.Echo("  Service Name:       " & rule.ServiceName)
        Select Case rule.Protocol
            Case NET_FW_IP_PROTOCOL_TCP    WScript.Echo("  IP Protocol:        TCP.")
            Case NET_FW_IP_PROTOCOL_UDP    WScript.Echo("  IP Protocol:        UDP.")
            Case NET_FW_IP_PROTOCOL_ICMPv4 WScript.Echo("  IP Protocol:        UDP.")
            Case NET_FW_IP_PROTOCOL_ICMPv6 WScript.Echo("  IP Protocol:        UDP.")
            Case Else                      WScript.Echo("  IP Protocol:        " & rule.Protocol)
        End Select
        if rule.Protocol = NET_FW_IP_PROTOCOL_TCP or rule.Protocol = NET_FW_IP_PROTOCOL_UDP then
            WScript.Echo("  Local Ports:        " & rule.LocalPorts)
            WScript.Echo("  Remote Ports:       " & rule.RemotePorts)
            WScript.Echo("  LocalAddresses:     " & rule.LocalAddresses)
            WScript.Echo("  RemoteAddresses:    " & rule.RemoteAddresses)
        end if
        if rule.Protocol = NET_FW_IP_PROTOCOL_ICMPv4 or rule.Protocol = NET_FW_IP_PROTOCOL_ICMPv6 then
            WScript.Echo("  ICMP Type and Code:    " & rule.IcmpTypesAndCodes)
        end if
        Select Case rule.Direction
            Case NET_FW_RULE_DIR_IN  WScript.Echo("  Direction:          In")
            Case NET_FW_RULE_DIR_OUT WScript.Echo("  Direction:          Out")
        End Select
        WScript.Echo("  Enabled:            " & rule.Enabled)
        WScript.Echo("  Edge:               " & rule.EdgeTraversal)
        Select Case rule.Action
            Case NET_FW_ACTION_ALLOW  WScript.Echo("  Action:             Allow")
            Case NET_FW_ACTION_BLOCk  WScript.Echo("  Action:             Block")
        End Select
        WScript.Echo("  Grouping:           " & rule.Grouping)
        WScript.Echo("  Edge:               " & rule.EdgeTraversal)
        WScript.Echo("  Interface Types:    " & rule.InterfaceTypes)
        InterfaceArray = rule.Interfaces
        if IsEmpty(InterfaceArray) then
            WScript.Echo("  Interfaces:         All")
        else
            LowerBound = LBound(InterfaceArray)
            UpperBound = UBound(InterfaceArray)
            WScript.Echo("  Interfaces:     ")
            for iterate = LowerBound To UpperBound
                WScript.Echo("       " & InterfaceArray(iterate))
            Next
        end if

        WScript.Echo("")
    end if
Next

It came from here, which should set you on the path in the right direction.