Windows Security Log Event ID 851
| Operating Systems |
Windows 2003 and XP
|
|
Category | Policy Change |
|
Type
|
Success
|
Corresponding events
in Windows
2008
and Vista |
4946
,
4947
,
4948
|
851: A change has been made to the Windows Firewall application exception list
On this page
Windows logs this event when an administrator changes the local policy of the Windows Firewall or a group policy refresh results in a change to the effective Windows Firewall policy - specifically exception rules that allow traffic for specific applications.
Free Security Log Resources by Randy
- Policy origin: Group Policy, or Local Policy
- Profile changed: Standard or Domain
- Change type: Add/Remove/Modify
New Settings:
- Name: Name of the application
- Path: Full path to the application
- State: Enabled or Disabled
- Scope: IP address or subnet mask to which the rule applies. Could also be "All subnets", "Local subnet".
Old Settings:
- Name: Name of the application
- Path: Full path to the application
- State: Enabled or Disabled
- Scope: IP address or subnet mask to which the rule applies. Could also be "All subnets", "Local subnet".
Setup PowerShell Audit Log Forwarding in 4 Minutes
A change has been made to the Windows Firewall application exception list
Policy origin: Local Policy
Profile changed: Standard
Change type: Modify
New Settings:
Name: Internet Explorer
Path: C:\Program Files\Internet Explorer\iexplore.exe
State: Enabled
Scope: Local subnet only
Old Settings:
Name: Internet Explorer
Path: C:\Program Files\Internet Explorer\iexplore.exe
State: Enabled
Scope: All subnets
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection