WinSecWiki > Security Settings > Advanced Audit Policies > System > Other System Events

Audit Other System Events

This is a hodge podge of events dominated by Windows Firewall system service activity which would seem to belong elsewhere. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4615	Invalid use of LPC port.
5024	The Windows Firewall Service has started successfully.
5025	The Windows Firewall Service has been stopped.
5027	The Windows Firewall Service was unable to retrieve the security policy from the local storage
5028	The Windows Firewall Service was unable to parse the new security policy.
5029	The Windows Firewall Service failed to initialize the driver.
5030	The Windows Firewall Service failed to start.
5032	Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network
5033	The Windows Firewall Driver has started successfully.
5034	The Windows Firewall Driver has been stopped.
5035	The Windows Firewall Driver failed to start.
5037	The Windows Firewall Driver detected critical runtime error. Terminating
5058	Key file operation.
5059	Key migration operation.

Back to top

 

Upcoming Webinars Operational Technology: The Growing Cyber-Kinetic Front in the SecOps War Identity Fabric: Stitching Together IAM or Selling the Emperor’s New Clothes?

Additional Resources