Windows Security Log Event ID 5152
Operating Systems Windows Vista
Windows Server 2008
Category
 • Subcategory
Object Access
 • Filtering Platform Packet Drop
Type Failure
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 5152
I'am the source of an inbound connection

5152: The Windows Filtering Platform blocked a packet

On this page

This event logs all the particulars about a blocked packet including the filter that caused the block.

Application Information: 

  • Process ID:  process ID specified when the executable started as logged in 4688
  • Application Name: the program executable on this computer's side of the packet transmission

Application Information:

  •  Process ID:  %1
  •  Application Name: %2

Network Information:

  •  Direction:  %3
  •  Source Address:  %4
  •  Source Port:  %5
  •  Destination Address: %6
  •  Destination Port:  %7
  •  Protocol:  %8

Filter Information:

  •  Filter Run-Time ID: %9
  •  Layer Name:  %10
  •  Layer Run-Time ID: %11

Top 10 Windows Security Events to Monitor

The Windows Filtering Platform blocked a packet.

Application Information:

   Process ID:  1132
   Application Name: \device\harddiskvolume1\windows\system32     \svchost.exe

Network Information:

   Direction:  Inbound
   Source Address:  224.0.0.252
   Source Port:  5355
   Destination Address: 10.42.42.213
   Destination Port:  56253
   Protocol:  17

Filter Information:

   Filter Run-Time ID: 0
   Layer Name:  Receive/Accept
   Layer Run-Time ID: 44

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this



Training for the Windows Security Log