Windows Security Log Event ID 849

Operating Systems Windows 2003 and XP
CategoryPolicy Change
Type Success
Corresponding events
in Windows 2008
and Vista
4945  

849: An application was listed as an exception when the Windows Firewall started

On this page

This isn't really an event per se.  It's just logged for each Windows Firewall application exception when the firewall starts in order to document the exceptions that were active at the time.  See also event ID 850.

Free Security Log Resources by Randy

Description Fields in 849

  • Policy origin: Did the policy come from the local settings or from group policies in Active Directory? (Local Policy/Group Policy)
  • Profile used: Standard or Domain? (based on whether computer is connected to it's "home" domain network or out travelling such as at a wi-fi hotspot)
  • Name: Exception name
  • Path: Full path name of the application allowed to listen for traffic
  • State: Enabled or Disabled
  • Scope: the IP Address and Subnet scopes to which traffic the policy applies or "All subnets" or "Local subnet"

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Examples of 849

An application was listed as an exception when the Windows Firewall started

Policy origin: Local Policy
Profile used: Standard
Name: FTP Transfer Engine
Path: C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe
State: Disabled
Scope: All subnets

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

 

Upcoming Webinars
    Additional Resources