Security, et al

Randy's Blog on Infosec and Other Stuff

«  Back Door Bypasses AppLoc... | Say What? Deleting old lo... »

Eliminate Windows Firewall Chatter (Noise) from the Security Log

Fri, 08 Jul 2011 07:03:55 GMT

Vista, Windows 7 and Windows Server 2008 generate a lot of events regarding the Windows Firewall and for most of us in most scenarios this is at best chatter if not down right noise.  Here's how to get rid of it.

You need to disable all of the audit subcategories that reference Filtering Platform or MPSSVC as well as the "Other Policy Change Events" and other "System Events" subcategory. That's:

That's what I do in my Recommended Audit Baseline.  If you are on Windows Server 2008 R2 you can use group policy instead of the auditpol command; look for the Advanced Audit Policy folder at the bottom of Security Settings.

Don't forget to enable this policy before you start configuring subcategories.

Related webinars:

 

email this digg reddit dzone
comments (0)references (0)

Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
Understanding the Difference between “Account Logon” and “Logon/Logoff” Events in the Windows Security Log
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure

Comments disabled

powered by Bloget™

Search


Categories
Recent Blogs
Archive


 

Upcoming Webinars
    Additional Resources