Windows Security Log Event ID 5158

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
Object Access
 • Filtering Platform Connection
Type Success
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 5158
Ask a question about this event

5158: The Windows Filtering Platform has permitted a bind to a local port

On this page

This event is logged every time a client or server application binds to a port.  Binding is the first step in TCP/UDP communications.  For server applications, subsequent to this event you will see 5154 or 5031 when the server attempts to begin listening on the port. 

The example above is the system binding to TCP port 3389 for Remote Desktop connections.

Application Information:

  • Process ID:  process ID specified when the executable started as logged in 4688
  • Application Name: the program executable on this computer's side of the packet transmission

Free Security Log Resources by Randy

Description Fields in 5158

Application Information:

  •  Process ID:  %1
  •  Application Name: %2

Network Information:

  •  Source Address:  %3
  •  Source Port:  %4
  •  Protocol:  %5

Filter Information:

  •  Filter Run-Time ID: %6
  •  Layer Name:  %7
  •  Layer Run-Time ID: %8

Supercharger Free Edition


Supercharger's built-in Xpath filters leave the noise behind.

Free.

 

Examples of 5158

The Windows Filtering Platform has permitted a bind to a local port.

Application Information:

   Process ID:  4
   Application Name: System

Network Information:

   Source Address:  ::
   Source Port:  3389
   Protocol:  6

Filter Information:

   Filter Run-Time ID: 0
   Layer Name:  Resource Assignment
   Layer Run-Time ID: 38

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources