Windows Security Log Event ID 849

Operating Systems Windows 2003 and XP
CategoryPolicy Change
Type Success
Corresponding events
in Windows 2008
and Vista		 4945  

849: An application was listed as an exception when the Windows Firewall started

On this page

This isn't really an event per se.  It's just logged for each Windows Firewall application exception when the firewall starts in order to document the exceptions that were active at the time.  See also event ID 850.

Free Security Log Resources by Randy

Description Fields in 849

  • Policy origin: Did the policy come from the local settings or from group policies in Active Directory? (Local Policy/Group Policy)
  • Profile used: Standard or Domain? (based on whether computer is connected to it's "home" domain network or out travelling such as at a wi-fi hotspot)
  • Name: Exception name
  • Path: Full path name of the application allowed to listen for traffic
  • State: Enabled or Disabled
  • Scope: the IP Address and Subnet scopes to which traffic the policy applies or "All subnets" or "Local subnet"

Supercharger Free Edition


Supercharger's built-in Xpath filters leave the noise behind.

Free.

 

Examples of 849

An application was listed as an exception when the Windows Firewall started

Policy origin: Local Policy
Profile used: Standard
Name: FTP Transfer Engine
Path: C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe
State: Disabled
Scope: All subnets

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!