Start
About
FAQ
Blogroll
ShopMany 5159 events are logged in the Security event log after you disable Windows Firewall and enable the “Filtering Platform Connection” auditing policy
Consider the following scenario:
- On a computer that is running Windows Vista or Windows Server 2008, you disable Windows Firewall for the Domain profile, the Private profile and the Public profile.
- You enable the “Filtering Platform Connection” audit policy.
In this scenario, the following Event ID 5159 is logged many times in the Security event log:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 5159
Task Category: Filtering Platform Connection
Level: Information
Keywords: Audit Failure
User: N/A
Description:
The Windows Filtering Platform has blocked a bind to a local port.
Application Information:
Process ID: process ID
Application Name: %path to some application%
Network Information:
Source Address: IP address
Source Port: port number
Protocol: 17
Filter Information:
Filter Run-Time ID: 0
Layer Name: Resource Assignment
Layer Run-Time ID: 36
These events quickly fill the Security event log. Because of the large number of entries in the Security event log, it is difficult to monitor audit failures.
There is a download that resolves this issue. See Hotfixes for details.
32-bit Download: Windows6.0-KB969257-x86.msu
64-Bit Download: Windows6.0-KB969257-x64.msu
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB969257.
Digg
Mixx
Propeller
Slashdot
Stumble
Tips and Tricks
Windows Updates
Hotfixes
Fix It
Keyboard Shortcuts
Vista's Services
Vista's Commands
Product Reviews
Glossary
Videos
Web Links
Comments
There are no comments yet...Come on, share your thoughts!
Leave a Comment