Firewall Service Block Notifications

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Windows Firewall with Advanced Security can be configured to notify the user when an application is blocked by the firewall, and ask if the application should continue to be blocked in the future. This notification is turned on by default in Windows Vista, and turned off by default in Windows Server 2008.

When appropriate auditing events are enabled (http://go.microsoft.com/fwlink/?linkid=92666), Windows reports when applications are blocked by the firewall.

Events

Event ID: 2011
Source: Microsoft-Windows-Windows Firewall with Advanced Security
Message:

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Reason:%t%t%1
Application Path:%t%2
IP Version:%t%3
Protocol:%t%4
Port:%t%t%5
Process Id:%t%6
User:%t%t%7

Event ID: 5031
Source: Microsoft-Windows-Security-Auditing
Message:

The Windows Firewall Service blocked an application from accepting incoming connections on the network.

Profiles:%t%t%1
Application:%t%t%2

Event ID: 5032
Source: Microsoft-Windows-Security-Auditing
Message:

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code:%t%1
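
The following PowerShell is an added example, not part of the original page. It turns the two Microsoft-Windows-Security-Auditing events listed above (5031 and 5032) into rows and summarizes which applications were blocked. The function names and the sample records are assumptions constructed for illustration, and the property positions are taken from the %1 and %2 placeholders in the message templates above.

```powershell
# Added example. Property positions follow the message templates on this page:
#   5031: %1 = Profiles, %2 = Application        5032: %1 = Error Code
function ConvertFrom-FirewallBlockEvent {
    param(
        # A record exposing Id, TimeCreated and Properties, as Get-WinEvent returns.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Record
    )
    process {
        $fields = @($Record.Properties)
        switch ([int]$Record.Id) {
            5031 {
                if ($fields.Count -lt 2) { Write-Warning 'Malformed 5031 record skipped'; break }
                New-Object PSObject -Property @{
                    Time = $Record.TimeCreated; EventId = 5031; ErrorCode = $null
                    Profiles    = [string]$fields[0].Value
                    Application = [string]$fields[1].Value
                }
            }
            5032 {
                if ($fields.Count -lt 1) { Write-Warning 'Malformed 5032 record skipped'; break }
                New-Object PSObject -Property @{
                    Time = $Record.TimeCreated; EventId = 5032; Profiles = $null
                    Application = $null
                    ErrorCode   = [string]$fields[0].Value
                }
            }
        }
    }
}

# Constructed sample records (not real log data) so the example runs offline.
function New-SampleRecord($Id, $Time, $Values) {
    New-Object PSObject -Property @{
        Id = $Id; TimeCreated = [datetime]$Time
        Properties = @($Values | ForEach-Object { New-Object PSObject -Property @{ Value = $_ } })
    }
}
$sample = @(
    (New-SampleRecord 5031 '2008-12-16 09:00' 'Domain', 'C:\Example\listener.exe'),
    (New-SampleRecord 5031 '2008-12-16 09:05' 'Public', 'C:\Example\listener.exe'),
    (New-SampleRecord 5031 '2008-12-16 09:07' 'Domain', 'C:\Example\agent.exe'),
    (New-SampleRecord 5032 '2008-12-16 09:07' @('0x0'))
)
$rows = $sample | ConvertFrom-FirewallBlockEvent
$rows | Where-Object { $_.EventId -eq 5031 } | Group-Object Application |
    Sort-Object Count -Descending | Select-Object Count, Name,
        @{ n = 'Profiles'; e = { ($_.Group | ForEach-Object { $_.Profiles } | Sort-Object -Unique) -join ', ' } },
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
"Notification failures (5032): $(@($rows | Where-Object { $_.EventId -eq 5032 }).Count)"
```

To run it against a live system, replace `$sample` with the output of `Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5031, 5032 }` from an elevated session.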

Related Management Information

Windows Firewall Service

Windows Firewall with Advanced Security
