Event ID 5441

The following filter was present when the Windows Filtering Platform Base Filtering Engine started.

The following filter was present when the Windows Filtering Platform Base Filtering Engine started.

Provider Information:   
    ID:     %1
    Name:       %2

Filter Information:
    ID:     %3
    Name:       %4
    Type:       %5
    Run-Time ID:    %6

Layer Information:
    ID:     %7
    Name:       %8
    Run-Time ID:    %9
    Weight:     %10

Additional Information:
    Conditions: %11
    Filter Action:  %12
    Callout ID: %13
    Callout Name:   %14

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"Filtering Platform Policy Change"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

Policy Change

Audit Subcategory:

Filtering Platform Policy Change

LEFT/RIGHT arrow keys for navigation

Back to List