Audit Policy: Object Access: Filtering Platform Packet DropID: oval:org.secpod.oval:def:19094 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Object Access: Filtering Platform Packet Drop events on failure should be enabled or disabled as appropriate.
This subcategory reports when packets are dropped by Windows Filtering Platform (WFP). These events can be very high in volume. Events for this subcategory include: - 5152: The Windows Filtering Platform blocked a packet. - 5153: A more restrictive Windows Filtering Platform filter has blocked a packet. Refer to the Microsoft Knowledgebase article Description of security events in Windows Vista and in Windows Server 2008 for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |