Windows Security Log Event ID 861
Operating Systems Windows XP
Windows Server 2003
CategoryProcess Tracking
Type Success
Corresponding events
in Windows 2008
and Vista
5154 , 5155  
Discussions on Event ID 861
Ask a question about this event

861: The Windows Firewall has detected an application listening for incoming traffic

On this page

This event documents applications that request to open UDP or TCP ports in listening mode and whether the request was allowed.

  • Name: the name of the application
  • Path: full path name of program listening for incomming traffic 
  • Process identifier: PID of process - same as in event ID 592 and in Task Manager
  • User account: user account process running as
  • User domain: domain of user account
  • Service: Yes or No - is the application is a system service?
  • RPC server: Yes or No - is it on an RPC server?
  • IP version: IPv4  or IPv6
  • IP protocol: UDP or TCP 
  • Port number: self explanatory 
  • Allowed: Yes or No - did Windows allow the application to open the port?
  • User notified: Yes or No - did Windows notify user with a dialog box?

Top 10 Windows Security Events to Monitor

The Windows Firewall has detected an application listening for incoming traffic.
 
Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 428
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 4500
Allowed: Yes
User notified: No

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this



Training for the Windows Security Log