Event ID 4963

IPsec dropped an inbound clear text packet that should have been secured

IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected.  This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.

Remote Network Address: %1
Inbound SA SPI:     %2

Auditing: Conditional

Volume: Low

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Driver"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

System

Audit Subcategory:

IPsec Driver

LEFT/RIGHT arrow keys for navigation

Back to List