Windows Security Log Event ID 5441
Operating Systems: Windows 2008 R2 and 7; Windows 2012 R2 and 8.1; Windows 2016 and 10; Windows Server 2019 and 2022
Category • Subcategory: Policy Change • Filtering Platform Policy Change
Type: Success
Corresponding events in Windows 2003 and before:
5441: The following filter was present when the Windows Filtering Platform Base Filtering Engine started
This event is logged for each filter of each WFP provider at startup. For more information on WFP and providers see 5442.
The fields in this event provide all the details about the filter and, taken together across all 5441 events, serve to document the provider's entire policy at the time of startup.
For more information on sublayers see event 5444.
This event does not indicate a change - it just documents the policy at the time of startup.
Provider Information:
- ID: Globally unique identifier of the provider
- Name: Name of the provider
Filter Information:
For detailed information on these event fields, see the FWPM_FILTER_ENUM_TEMPLATE0 structure in MSDN.
Layer Information:
For more information on sublayers see event 5444.
Additional Information:
The list of filter conditions comprising this filter. For information on these fields see the FWPM_FILTER_CONDITION0 structure in MSDN.
The following filter was present when the Windows Filtering Platform Base Filtering Engine started.
Provider Information:
ID: {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}
Name: Windows Firewall
Filter Information:
ID: {790018f5-8e05-4a78-88ac-ebc35a2e5ee5}
Name: Port Scanning Prevention Filter
Type: Boot-time
Run-Time ID: 65638
Layer Information:
ID: {7fb03b60-7b8d-4dfa-badd-980176fc4e12}
Name: Outbound ICMP Error v6 Layer
Run-Time ID: 34
Weight: 18446744073709551615
Additional Information:
Conditions:
Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c}
Match value: No flags set
Condition value: 0x00000001
Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b}
Match value: Equal to
Condition value: 0x0004
Condition ID: {c35a604d-d22b-4e1a-91b4-68f674ee674b}
Match value: In range
Condition value: 0x0000 - 0x0002
Filter Action: Block
Callout ID: {00000000-0000-0000-0000-000000000000}
Callout Name: -
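
Because each 5441 event records one filter as it stood at startup, the events from two boots can be compared to find filters that appeared, disappeared or changed. The Python below is an added example, not part of the original page: it parses the description text and diffs two startup snapshots. It assumes the text follows the layout of the sample above, that the Filter Information ID identifies a filter across boots, and that Run-Time IDs may differ between boots; `parse_5441`, `fingerprint` and `diff_startups` are names chosen here.

```python
import hashlib
import json

# Constructed input: this page's sample event, shortened to one condition.
SAMPLE = (
    "The following filter was present when the Windows Filtering Platform "
    "Base Filtering Engine started.\n"
    "Provider Information:\nID: {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}\n"
    "Name: Windows Firewall\nFilter Information:\n"
    "ID: {790018f5-8e05-4a78-88ac-ebc35a2e5ee5}\n"
    "Name: Port Scanning Prevention Filter\nType: Boot-time\nRun-Time ID: 65638\n"
    "Layer Information:\nID: {7fb03b60-7b8d-4dfa-badd-980176fc4e12}\n"
    "Name: Outbound ICMP Error v6 Layer\nRun-Time ID: 34\n"
    "Weight: 18446744073709551615\nAdditional Information:\nConditions:\n"
    "Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b}\n"
    "Match value: Equal to\nCondition value: 0x0004\nFilter Action: Block\n"
    "Callout ID: {00000000-0000-0000-0000-000000000000}\nCallout Name: -\n"
)

def parse_5441(message):
    """Split a 5441 description into its sections plus a list of conditions."""
    event, section = {"Conditions": []}, None
    for line in message.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or key == "Conditions":
            continue  # intro sentence or the header of the condition list
        if key.endswith(" Information") and not value:
            section = event.setdefault(key, {})  # start of a new section
        elif key == "Condition ID":
            event["Conditions"].append({key: value})
        elif key in ("Match value", "Condition value") and event["Conditions"]:
            event["Conditions"][-1][key] = value
        elif section is not None:
            section[key] = value
    return event

def fingerprint(event):
    """Hash the fields that define the filter; Run-Time IDs are left out
    (assumption: they can differ between boots)."""
    stable = {name: {k: v for k, v in f.items() if k != "Run-Time ID"}
              for name, f in event.items() if name != "Conditions"}
    stable["Conditions"] = event["Conditions"]
    return hashlib.sha256(json.dumps(stable, sort_keys=True).encode()).hexdigest()

def diff_startups(previous, current):
    """Return (added, removed, changed) filter IDs between two boots' 5441 events."""
    old, new = ({e["Filter Information"]["ID"]: fingerprint(e)
                 for e in map(parse_5441, msgs)} for msgs in (previous, current))
    changed = sorted(k for k in old.keys() & new.keys() if old[k] != new[k])
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed
```

Both arguments to `diff_startups` are lists of 5441 description strings, one list per startup of the Base Filtering Engine.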