Event ID 5446

A Windows Filtering Platform callout has been changed.

A Windows Filtering Platform callout has been changed.

Subject:
    Security ID:        %2
    Account Name:       %3

Process Information:
    Process ID: %1

Provider Information:
    ID:     %4
    Name:       %5

Change Information:
    Change Type:    %6

Callout Information:
    ID:     %7
    Name:       %8
    Type:       %9
    Run-Time ID:    %10

Layer Information:
    ID:     %11
    Name:       %12
    Run-Time ID:    %13

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"Filtering Platform Policy Change"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019

Audit Category:

Policy Change

Audit Subcategory:

Filtering Platform Policy Change

LEFT/RIGHT arrow keys for navigation

Back to List