Exchange Admin Audit Log Event ID 25672

SourceExchange (LOGbinder EX)
LogAdmin Audit
Windows Security Log
 • Subcategory
Object Access
 • Application Generated
Type Success

25672: Remove-MalwareFilterRule Exchange cmdlet issued

This is an event from Exchange audit event from LOGbinder EX generated by Log  Admin Audit.

On this page

See also the TechNet article on the Remove-MalwareFilterRule cmdlet.

Free Security Log Resources by Randy

Description Fields in 25672

OccurredDate and time when Exchange registered the cmdlet.
CmdletThe cmdlet that was issued.
Performed byThe user who issued the cmdlet.
Succeeded"Yes", if succeeded, "No", otherwise.
Error"None", if the cmdlet resulted in no error, the error message otherwise.
Originating serverThe host name of the server.
Object modifiedThe object that was modified by the cmdlet.
ParametersThe list of parameters, listing them by the parameter''s Name and Value.
Modified propertiesModified properties, if any (otherwise "n/a").
Additional informationAdditional information, if any (otherwise "n/a").

Supercharger Enterprise


Where Does This Event Come From?

This Event Is Produced By

Which Integrates with Your SIEM

Examples of 25672

Remove-MalwareFilterRule Exchange cmdlet issued
Occurred: 3/16/2015 2:18:47 PM
Cmdlet: Remove-MalwareFilterRule
Performed by: lb.local/Users/Administrator
Succeeded: Yes
Error: None
Originating server: DEV1 (15.00.1044.021)
Object modified: testmalwarefilterrule
  Name: Confirm, Value: [False]
Name: Identity, Value: [testmalwarefilterrule]
Modified Properties
Additional information: ExternalAccess= [false]; CmdletParameters/Parameter/Name= [Confirm]; CmdletParameters/Parameter/Value= [False]; CmdletParameters/Parameter/Name= [Identity]; CmdletParameters/Parameter/Value= [testmalwarefilterrule]

For more information, see

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection


Additional Resources