|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
March 22nd 08, 07:32 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
Event log fills up with Failure Audit events (XP-Pro)
My Event log continuously fills up with failure audit events of this
type: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\lsass.exe Process identifier: 1312 User account: SYSTEM User domain: NT AUTHORITY Service: Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 3562 Allowed: No User notified: No The strange thing is that I am behind a firewall so Windows Firewall is set to OFF.... How can Windows Firewall log events if it is OFF????? And how can I get rid of this nuisance? I am running a fully up to date Symantec Corporate antivirus on this PC. Bo Berglund 
|
| Ads |
|
#2
March 22nd 08, 01:06 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Event log fills up with Failure Audit events (XP-Pro)
Bo Berglund wrote:
My Event log continuously fills up with failure audit events of this type: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\lsass.exe Process identifier: 1312 User account: SYSTEM User domain: NT AUTHORITY Service: Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 3562 Allowed: No User notified: No The strange thing is that I am behind a firewall so Windows Firewall is set to OFF.... How can Windows Firewall log events if it is OFF????? And how can I get rid of this nuisance? I am running a fully up to date Symantec Corporate antivirus on this PC. http://www.eventid.net/display.asp?e...ri ty&phase=1 -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html
|
|
#3
March 25th 08, 06:02 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Event log fills up with Failure Audit events (XP-Pro)
On Sat, 22 Mar 2008 08:06:01 -0500, "Shenan Stanley"
wrote: Bo Berglund wrote: My Event log continuously fills up with failure audit events of this type: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\lsass.exe Process identifier: 1312 User account: SYSTEM User domain: NT AUTHORITY Service: Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 3562 Allowed: No User notified: No The strange thing is that I am behind a firewall so Windows Firewall is set to OFF.... How can Windows Firewall log events if it is OFF????? And how can I get rid of this nuisance? I am running a fully up to date Symantec Corporate antivirus on this PC. http://www.eventid.net/display.asp?e...ri ty&phase=1 I noticed that even if Windows Firewall is ste to off it seems to be active anyway. So I stopped the service and set it for manual start. Now I don't get nearly as many log entries, but I still have a fair amount of unuseful entries, like: A new process has been created: New Process ID: 4908 Image File Name: C:\Engineering\Projects\Bosse\MailCheck\MailCheck. exe Creator Process ID: 240 User Name: Bosse Domain: MYDOMAIN Logon ID: (0x0,0x1ACAD) And then after the program exits: A process has exited: Process ID: 4908 Image File Name: C:\Engineering\Projects\Bosse\MailCheck\MailCheck. exe User Name: Bosse Domain: MYDOMAIN Logon ID: (0x0,0x1ACAD) What is the purpose of logging these items? Again the event log fills up with non-usable entries. It would have been useful if failures were logged, but why log normal activity? And how can I reduce this? Bo Berglund
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
