Windows Security Log Event ID 5442
| Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category
• Subcategory | Policy Change
• Filtering Platform Policy Change |
|
Type
|
Success
|
Corresponding events
in Windows
2003
and before |
|
5442: The following provider was present when the Windows Filtering Platform Base Filtering Engine started
On this page
This event is logged for each Windows Filtering Platform Provider present when the base engine starts as part of Windows boot up.
The Windows Filtering Platform is a foundation component of Windows that provides an API and base filtering engine upon which other network filtering applications are built including several other Windows networking components and potentially 3rd party applications.
A WFP Provider is a Windows component or 3rd party application that that has built a solution on WFP. The default, built-in providers are:
- IPsec Policyagent
- Windows Firewall
- Windows IPSec
This event does not indicate a change - it just documents the providers present at the time of startup.
Provider ID: Globally unique identifier of the provider
Provider Name: name of the provider
Provider Type: Normally "Persistent" but may report as "Disabled" or similar wording if engine has problem with provider.
Free Security Log Resources by Randy
- Provider ID: %1
- Provider Name: %2
- Provider Type: %3
Setup PowerShell Audit Log Forwarding in 4 Minutes