Event ID 5447

A Windows Filtering Platform filter has been changed.

A Windows Filtering Platform filter has been changed.

Subject:
    Security ID:   %2
    Account Name:  %3

Process Information:
    Process ID:    %1

Provider Information:
    ID:            %4
    Name:          %5

Change Information:
    Change Type:   %6

Filter Information:
    ID:            %7
    Name:          %8
    Type:          %9
    Run-Time ID:   %10

Layer Information:
    ID:            %11
    Name:          %12
    Run-Time ID:   %13

Callout Information:
    ID:            %17
    Name:          %18

Additional Information:
    Weight:        %14  
    Conditions:    %15
    Filter Action: %16

Auditing: Off

This event is mainly used for troubleshooting purposes and has little to no security relevance.

Volume: Low

Microsoft Documentation

Event ID - 5447

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"Other Policy Change Events"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Tags:

Audit Success

Audit Category:

Policy Change

Audit Subcategory:

Other Policy Change Events

LEFT/RIGHT arrow keys for navigation

Back to List