A Windows Filtering Platform filter has been changed.
Subject:
Security ID: LOCAL SERVICE
Account Name: NT AUTHORITY\LOCAL SERVICE
Process Information:
Process ID: 1364
Provider Information:
ID: {4b153735-1049-4480-aab4-d1b9bdc03710}
Name: Windows Firewall
Change Information:
Change Type: Delete
Filter Information:
ID: {d0a8b19f-7660-4712-99d0-c415217eb500}
Name: DhcpFirewallPolicy
Type: Not persistent
Run-Time ID: 66758
Layer Information:
ID: {e1cd9fe7-f4b5-4273-96c0-592e487b8650}
Name: ALE Receive/Accept v4 Layer
Run-Time ID: 44
Callout Information:
ID: {00000000-0000-0000-0000-000000000000}
Name: -
Additional Information:
Weight: 140728898420736
Conditions:
Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b}
Match value: Equal to
Condition value: 0x0222
Condition ID: {d78e1e87-8644-4ea5-9437-d809ecefc971}
Match value: Equal to
Condition value:
00000000 5c 00 64 00 65 00 76 00-69 00 63 00 65 00 5c 00 \.d.e.v.i.c.e.\.
00000010 68 00 61 00 72 00 64 00-64 00 69 00 73 00 6b 00 h.a.r.d.d.i.s.k.
00000020 76 00 6f 00 6c 00 75 00-6d 00 65 00 31 00 5c 00 v.o.l.u.m.e.1.\.
00000030 77 00 69 00 6e 00 64 00-6f 00 77 00 73 00 5c 00 w.i.n.d.o.w.s.\.
00000040 73 00 79 00 73 00 74 00-65 00 6d 00 33 00 32 00 s.y.s.t.e.m.3.2.
00000050 5c 00 73 00 76 00 63 00-68 00 6f 00 73 00 74 00 \.s.v.c.h.o.s.t.
00000060 2e 00 65 00 78 00 65 00-00 00 ..e.x.e...
Condition ID: {af043a0a-b34d-4f86-979c-c90371af6e66}
Match value: Equal to
Condition value:
O:SYG:SYD:(A;;CCRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)
Condition ID: {c35a604d-d22b-4e1a-91b4-68f674ee674b}
Match value: Equal to
Condition value: 0x0223
Condition ID: {3971ef2b-623e-4f9a-8cb1-6e79b806b9a7}
Match value: Equal to
Condition value: 0x11
Filter Action: Permit
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection