Audit Filtering Platform Packet Drop
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting allows you to audit packets that are dropped by the Windows Filtering Platform.
A high rate of dropped packets may indicate attempts to gain unauthorized access to computers on your network.
Event volume: High
Default setting: Not configured
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
| Event ID | Event message |
|---|---|
5152 |
The Windows Filtering Platform blocked a packet. |
5153 |
A more restrictive Windows Filtering Platform filter has blocked a packet. |