Audit Other System Events
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting determines whether the operating system audits any of the following events:
Startup and shutdown of the Windows Firewall service and driver.
Security policy processing by the Windows Firewall service.
Cryptography key file and migration operations.
Important
Failure to start the Windows Firewall service may result in a computer that is not fully protected against network threats.
Event volume: Low
Default: Success and failure
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista, unless otherwise noted.
| Event ID | Event message | ||
|---|---|---|---|
5024 |
The Windows Firewall Service has started successfully. |
||
5025 |
The Windows Firewall Service has been stopped. |
||
5027 |
The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. |
||
5028 |
The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. |
||
5029 |
The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. |
||
5030 |
The Windows Firewall Service failed to start. |
||
5032 |
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. |
||
5033 |
The Windows Firewall Driver has started successfully. |
||
5034 |
The Windows Firewall Driver has been stopped. |
||
5035 |
The Windows Firewall Driver failed to start. |
||
5037 |
The Windows Firewall Driver detected critical runtime error. Terminating. |
||
5058 |
Key file operation. |
||
5059 |
Key migration operation. |
||
6400 |
BranchCache: Received an incorrectly formatted response while discovering availability of content.
|
||
6401 |
BranchCache: Received invalid data from a peer. Data discarded. Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6402 |
BranchCache: The message to the hosted cache offering it data is incorrectly formatted. Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6403 |
BranchCache: The hosted cache sent an incorrectly formatted response to the client. Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6404 |
BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6405 |
BranchCache: %2 instance(s) of event id %1 occurred. Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6406 |
%1 registered to Windows Firewall to control filtering for the following: %2 Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6407 |
1% Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
6408 |
Registered product %1 failed and Windows Firewall is now controlling the filtering for %2 Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
.gif)
Note