Event ID 5025 — Firewall Service and Driver Initialization

Applies To: Windows Server 2008

The Windows Firewall service (MpsSvc) and its supporting driver must be running to provide the core firewall functionality and to manage the firewall and connection security rules that define how the firewall operates. When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the required software components, and reports when the components stop operating due to a failure.

Note: Because the Windows Firewall service applies Windows service hardening rules to standard Windows Networking services, Microsoft does not support stopping the Windows Firewall service. If you do not want to use Windows Firewall, turn the firewall features off without stopping the service.

Event Details

Product: Windows Operating System
ID: 5025
Source: Microsoft-Windows-Security-Auditing
Version: 6.0
Symbolic Name: SE_AUDITID_ETW_MPSFIREWALL_STOPPED
Message: The Windows Firewall Service has been stopped.

Resolve

Restart the service

If you manually stopped the Windows Firewall service, you can use the following procedure to restart it.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To restart the firewall service:

  1. You can restart the service by using a command prompt or by using the Services MMC snap-in. Do one of the following:
    • Start an administrative command prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. At that command prompt, run the command net start mpssvc.
    • Click Start, type services.msc in the Start Search box, and then press ENTER. In the Name column of the Services snap-in, right-click Windows Firewall, and then click Start.
  2. If the attempt to restart only the service fails, then restart the computer. This forces all related and dependent services to restart.
  3. If the error persists after the computer restarts, then the executable files for the service or driver might be corrupted, and the operating system must be reinstalled.

Verify

You can verify that the Windows Firewall service is running by using the Services Microsoft Management Console (MMC) snap-in or the net start command-line tool.

To verify that the Windows Firewall service is running:

Check the status by using the Services MMC snap-in

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

  1. Click Start, type services.msc in the Start Search box, and then press ENTER.
  2. In the Services MMC snap-in, find Windows Firewall, and then confirm that Started appears in the Status column.

Check the status by using the net start command-line tool

  • At a command prompt, type net start, and then verify that Windows Firewall is listed as one of the services currently running on the computer.
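
The checks above can also be scripted together with a review of when Event ID 5025 was logged. The following is an added example, not part of the original page; it assumes PowerShell 2.0 or later in an elevated session, and the function names Get-FirewallStoppedEvent and Test-FirewallService are hypothetical.

```powershell
# Added example (not from the original page). Assumes PowerShell 2.0 or later,
# run from an elevated session so the Security log is readable.
$ServiceName = 'MpsSvc'   # Windows Firewall service name, as given on the page

function Get-FirewallStoppedEvent {
    # Hypothetical helper: returns the most recent Event ID 5025 records.
    param([int]$MaxEvents = 10)
    try {
        Get-WinEvent -FilterHashtable @{
            LogName      = 'Security'
            ProviderName = 'Microsoft-Windows-Security-Auditing'
            Id           = 5025
        } -MaxEvents $MaxEvents -ErrorAction Stop |
            Select-Object TimeCreated, MachineName, Id, Message
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as "no events".
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

function Test-FirewallService {
    # Hypothetical helper: reports service state; starts the service only with -Restart.
    param([switch]$Restart)
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    if ($svc.Status -ne 'Running' -and $Restart) {
        Start-Service -Name $ServiceName -ErrorAction Stop   # same effect as: net start mpssvc
        $svc.Refresh()
    }
    $svc.Status -eq 'Running'
}

$events = @(Get-FirewallStoppedEvent)
if ($events.Count -gt 0) {
    Write-Output "Event ID 5025 recorded $($events.Count) time(s); most recent first:"
    $events | Format-Table TimeCreated, MachineName, Id -AutoSize
} else {
    Write-Output 'No Event ID 5025 records found in the Security log.'
}

if (Test-FirewallService) {
    Write-Output 'Windows Firewall service (MpsSvc) is running.'
} else {
    Write-Warning 'Windows Firewall service (MpsSvc) is not running. Call Test-FirewallService -Restart, or run net start mpssvc.'
}
```

A 5025 record with no matching administrative change is worth correlating with other Security log activity around the same TimeCreated value before the service is simply restarted.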
