Event ID: 4944

The following policy was active when the Windows Firewall started

The following policy was active when the Windows Firewall started.

Group Policy Applied:                                   %1
Profile Used:                                           %2
Operational mode:                                       %3
Allow Remote Administration:                            %4
Allow Unicast Responses to Multicast/Broadcast Traffic: %5
Security Logging:
    Log Dropped Packets:        %6
    Log Successful Connections: %7
Microsoft Documentation

Event ID - 4944



This event generates every time Windows Firewall service starts.

This event shows Windows Firewall settings that were in effect when the Windows Firewall service started.



Name Field Insertion String OS Example
Group Policy Applied GroupPolicyApplied %1 Any No
Profile Used Profile %2 Any Public
Operational mode OperationMode %3 Any Off
Allow Remote Administration RemoteAdminEnabled %4 Any Disabled
Allow Unicast Responses to Multicast/Broadcast Traffic MulticastFlowsEnabled %5 Any Enabled
Log Dropped Packets LogDroppedPacketsEnabled %6 Any Disabled
Log Successful Connections LogSuccessfulConnectionsEnabled %7 Any Disabled


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"MPSSVC Rule-Level Policy Change"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List