Firewall Service and Driver Initialization

Applies To: Windows Server 2008

The Windows Firewall service (MpsSvc) and its supporting driver must be running to provide the core firewall functionality and to manage the firewall and connection security rules that define how the firewall operates. When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the required software components, or when the components stop operating due to a failure.

Note: Because the Windows Firewall services applies Windows service hardening rules to standard Windows Networking services, Microsoft does not support stopping the Windows Firewall service. If you do not want to use Windows Firewall, turn the firewall features off without stopping the service.

Events

Event ID Source Message

4944

Microsoft-Windows-Security-Auditing

The following policy was active when the Windows Firewall started.

Group Policy Applied:%t%1
Profile Used:%t%2
Operational mode:%t%3
Allow Remote Administration:%t%4
Allow Unicast Responses to Multicast/Broadcast Traffic:%t%5
Security Logging:
%tLog Dropped Packets:%t%6
%tLog Successful Connections:%t%7

4945

Microsoft-Windows-Security-Auditing

A rule was listed when the Windows Firewall started.
%t
Profile used:%t%1

Rule:
%tRule ID:%t%2
%tRule Name:%t%3

5024

Microsoft-Windows-Security-Auditing

The Windows Firewall Service has started successfully.

5025

Microsoft-Windows-Security-Auditing

The Windows Firewall Service has been stopped.

5029

Microsoft-Windows-Security-Auditing

The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.

Error Code:%t%1

5030

Microsoft-Windows-Security-Auditing

The Windows Firewall Service failed to start.

Error Code:%t%1

5033

Microsoft-Windows-Security-Auditing

The Windows Firewall Driver has started successfully.

5034

Microsoft-Windows-Security-Auditing

The Windows Firewall Driver has been stopped.

5035

Microsoft-Windows-Security-Auditing

The Windows Firewall Driver failed to start.

Error Code:%t%1

5037

Microsoft-Windows-Security-Auditing

The Windows Firewall Driver detected critical runtime error. Terminating.

Error Code:%t%1

Windows Firewall Service

Windows Firewall with Advanced Security