Firewall Service Block Notifications

Applies To: Windows Server 2008

Windows Firewall with Advanced Security can be configured to notify the user when an application is blocked by the firewall, and ask if the application should continue to be blocked in the future. This notification is turned on by default in Windows Vista, and turned off by default in Windows Server 2008.

When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports when applications are blocked by the firewall.

Events

Event ID Source Message

5031

Microsoft-Windows-Security-Auditing

The Windows Firewall Service blocked an application from accepting incoming connections on the network.

Profiles:%t%t%1
Application:%t%t%2

5032

Microsoft-Windows-Security-Auditing

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code:%t%1

Windows Firewall Service

Windows Firewall with Advanced Security