Windows Security Log Event ID 851
Operating Systems Windows XP
Windows Server 2003
CategoryPolicy Change
Type Success
Corresponding events
in Windows 2008
and Vista
4946 , 4947 , 4948  
Discussions on Event ID 851
Ask a question about this event

851: A change has been made to the Windows Firewall application exception list

On this page

Windows logs this event when an administrator changes the local policy of the Windows Firewall or a group policy refresh results in a change to the effective Windows Firewall policy - specifically exception rules that allow traffic for specific applications.

  • Policy origin: Group Policy, or Local Policy
  • Profile changed: Standard or Domain
  • Change type: Add/Remove/Modify

New Settings:
 

  • Name: Name of the application
  • Path: Full path to the application
  • State: Enabled or Disabled
  • Scope: IP address or subnet mask to which the rule applies. Could also be "All subnets", "Local subnet".

Old Settings:

  • Name: Name of the application
  • Path: Full path to the application
  • State: Enabled or Disabled
  • Scope: IP address or subnet mask to which the rule applies. Could also be "All subnets", "Local subnet".

 

Top 10 Windows Security Events to Monitor

A change has been made to the Windows Firewall application exception list

Policy origin: Local Policy
Profile changed: Standard
Change type: Modify
New Settings:
     Name: Internet Explorer
     Path: C:\Program Files\Internet Explorer\iexplore.exe
     State: Enabled
     Scope: Local subnet only
Old Settings:
     Name: Internet Explorer
     Path: C:\Program Files\Internet Explorer\iexplore.exe
     State: Enabled
     Scope: All subnets

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this



Training for the Windows Security Log