Windows Security Log Events



(LOGbinder for SharePoint)
(LOGbinder for SQL Server)
(LOGbinder for Exchange)
(MS Sysinternals Sysmon)
Windows Audit Categories:

Subcategories:

Windows Versions:

Required when sub-category selected.
Category: Policy Change
Subcategory: Filtering Platform Policy Change
Windows 4709 IPsec Services was started
Windows 4710 IPsec Services was disabled
Windows 4711 PAStore Engine (1%)
Windows 4712 IPsec Services encountered a potentially serious failure
Windows 5440 The following callout was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5441 The following filter was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5442 The following provider was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5443 The following provider context was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5444 The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5446 A Windows Filtering Platform callout has been changed
Windows 5448 A Windows Filtering Platform provider has been changed
Windows 5449 A Windows Filtering Platform provider context has been changed
Windows 5450 A Windows Filtering Platform sub-layer has been changed
Windows 5456 PAStore Engine applied Active Directory storage IPsec policy on the computer
Windows 5457 PAStore Engine failed to apply Active Directory storage IPsec policy on the computer
Windows 5458 PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer
Windows 5459 PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer
Windows 5460 PAStore Engine applied local registry storage IPsec policy on the computer
Windows 5461 PAStore Engine failed to apply local registry storage IPsec policy on the computer
Windows 5462 PAStore Engine failed to apply some rules of the active IPsec policy on the computer
Windows 5463 PAStore Engine polled for changes to the active IPsec policy and detected no changes
Windows 5464 PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services
Windows 5465 PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully
Windows 5466 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead
Windows 5467 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy
Windows 5468 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes
Windows 5471 PAStore Engine loaded local storage IPsec policy on the computer
Windows 5472 PAStore Engine failed to load local storage IPsec policy on the computer
Windows 5473 PAStore Engine loaded directory storage IPsec policy on the computer
Windows 5474 PAStore Engine failed to load directory storage IPsec policy on the computer
Windows 5477 PAStore Engine failed to add quick mode filter

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources