Windows Security Log Event ID 855

Operating Systems	Windows 2003 and XP
Category	Policy Change
Type	Success
Corresponding events in Windows 2008 and Vista	4950

855: A Windows Firewall ICMP setting has changed

On this page

Description of this event
Field level details
Examples

Windows logs this event when an administrator changes the local policy of the Windows Firewall or a group policy refresh results in a change to the Windows Firewall ICMP settings.

The event can contain the following settings values, one at a time: Allow incoming echo request, Allow outgoing destination unreachable, Allow redirect, Allow outgoing time exceeded, Allow outgoing parameter problem, Allow outgoing source quench, Allow incoming router request, Allow incoming timestamp request, Allow incoming mask request, Allow outgoing packet too big.

Free Security Log Resources by Randy

Description Fields in 855

Policy origin: Group Policy or Local Policy
Profile changed: Standard or Domain
Interface: The network interface cards it applies to, or "All interfaces".
New Settings:
(one of the following)
- Allow incoming echo request: Enabled or Disabled
- Allow outgoing destination unreachable: Enabled or Disabled
- Allow redirect: Enabled or Disabled
- Allow outgoing time exceeded: Enabled or Disabled
- Allow outgoing parameter problem: Enabled or Disabled
- Allow outgoing source quench: Enabled or Disabled
- Allow incoming router request: Enabled or Disabled
- Allow incoming timestamp request: Enabled or Disabled
- Allow incoming mask request: Enabled or Disabled
- Allow outgoing packet too big: Enabled or Disabled
Old Settings
(one of the following)
- Allow incoming echo request: Enabled or Disabled
- Allow outgoing destination unreachable: Enabled or Disabled
- Allow redirect: Enabled or Disabled
- Allow outgoing time exceeded: Enabled or Disabled
- Allow outgoing parameter problem: Enabled or Disabled
- Allow outgoing source quench: Enabled or Disabled
- Allow incoming router request: Enabled or Disabled
- Allow incoming timestamp request: Enabled or Disabled
- Allow incoming mask request: Enabled or Disabled
- Allow outgoing packet too big: Enabled or Disabled

Supercharger Free Edition

Examples of 855

A Windows Firewall ICMP setting has changed.

Policy origin: Local Policy
Profile changed: Standard
Interface: All interfaces
New Setting:
Allow outgoing destination unreachable: Enabled
Old Setting:
Allow outgoing destination unreachable: Disabled

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.