Event ID: 5152The Windows Filtering Platform has blocked a packet.
The Windows Filtering Platform has blocked a packet. Application Information: Process ID: %1 Application Name: %2 Network Information: Direction: %3 Source Address: %4 Source Port: %5 Destination Address: %6 Destination Port: %7 Protocol: %8 Filter Information: Filter Run-Time ID: %9 Layer Name: %10 Layer Run-Time ID: %11
This event generates when Windows Filtering Platform has blocked a network packet.
This event is generated for every received network packet.
Auditing this event is generally only recommended short-term for troubleshooting or security reasons.
The volume is potentially very high since this event is logged for every network packet that is being blocked.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Filtering Platform Packet Drop"
LEFT/RIGHT arrow keys for navigationBack to List