4953 from SNMP service Expand / Collapse
Author
Message
Posted 6/20/2011 12:58:42 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 12/13/2010 5:09:00 PM
Posts: 2, Visits: 0
Here's an example of this error from a Server 2008 R2 machine with the SNMP Service installed:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4953
Task Category: MPSSVC Rule-Level Policy Change
Level: Information
Keywords: Audit Failure
Description:
Windows Firewall ignored a rule because it could not be parsed.

Profile: All

Reason for Rejection: A rule must include a valid direction

Rule:
ID: SNMP-3
Name: Block any other traffic to and from SNMP service


The rule is not visible in the Advanced Firewall Configuration (since that only lists Inbound and Outbound rules), but it can be found in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\SNMP-3

V2.0|Action=Block|App=%SystemRoot%\system32\snmp.exe|Svc=SNMP|Name=@%SystemRoot%\system32\snmp.exe,-7|

I never added SNMP firewall rules. Apparently SNMP setup configures the firewall rules incorrectly. Maybe the error would go away if I deleted that registry key, but I'll probably just ignore the error.

Mark Berry
MCB Systems
www.mcbsys.com
Post #738
Posted 6/22/2011 9:47:48 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
Thanks Mark!
Post #744
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 7:58am