Windows Security Log Event ID 5152

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory
Object Access
 • Filtering Platform Packet Drop
Type Failure
Corresponding events
in Windows 2003
and before
 

5152: The Windows Filtering Platform blocked a packet

On this page

This event logs all the particulars about a blocked packet including the filter that caused the block.

Application Information: 

  • Process ID:  process ID specified when the executable started as logged in 4688
  • Application Name: the program executable on this computer's side of the packet transmission

Free Security Log Resources by Randy

Description Fields in 5152

Application Information:

  •  Process ID:  %1
  •  Application Name: %2

Network Information:

  •  Direction:  %3
  •  Source Address:  %4
  •  Source Port:  %5
  •  Destination Address: %6
  •  Destination Port:  %7
  •  Protocol:  %8

Filter Information:

  •  Filter Run-Time ID: %9
  •  Layer Name:  %10
  •  Layer Run-Time ID: %11

Supercharger Enterprise


Load Balancing for Windows Event Collection

 

Examples of 5152

The Windows Filtering Platform blocked a packet.

Application Information:

   Process ID:  1132
   Application Name: \device\harddiskvolume1\windows\system32     \svchost.exe

Network Information:

   Direction:  Inbound
   Source Address:  224.0.0.252
   Source Port:  5355
   Destination Address: 10.42.42.213
   Destination Port:  56253
   Protocol:  17

Filter Information:

   Filter Run-Time ID: 0
   Layer Name:  Receive/Accept
   Layer Run-Time ID: 44

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Upcoming Webinars
    Additional Resources