Posted by Meinolf Weber on June 26, 2008, 12:08 pm
Hello polykobol@gmail.com,
Have a look here about Miles Li's solution:
http://forums.technet.microsoft.com/en-US/winserversecurity/thread/9cb175a1-78fb-452e-b59d-0416940c2d20/
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> We recently installed Windows Server 2008 on a server and we have
> noticed that the Windows Security Log is crowded with events like the
> ones below (several thousands every day). We realize that they are
> from some kind of multicast, but we just want to get rid of them. It
> is however a bit difficult since we don't know the cause. Any Help
> will be greatly appreciated.
>
> Thanks,
> Mattias
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 2008-06-26 02:00:15
> Event ID: 5157
> Task Category: Filtering Platform Connection
> Level: Information
> Keywords: Audit Failure
> User: N/A
> Computer: cosmo.lundalogik.local
> Description:
> The Windows Filtering Platform has blocked a connection.
> Application Information:
> Process ID: 716
> Application Name: \device\harddiskvolume2\windows\system32\svchost.exe
> Network Information:
> Direction: Inbound
> Source Address: 224.0.0.252
> Source Port: 5355
> Destination Address: 192.168.35.56
> Destination Port: 49425
> Protocol: 17
> Filter Information:
> Filter Run-Time ID: 0
> Layer Name: Receive/Accept
> Layer Run-Time ID: 44
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-Security-Auditing"
> Guid="" />
> <EventID>5157</EventID>
> <Version>0</Version>
> <Level>0</Level>
> <Task>12810</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8010000000000000</Keywords>
> <TimeCreated SystemTime="2008-06-26T00:00:15.364Z" />
> <EventRecordID>65636</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="92" />
> <Channel>Security</Channel>
> <Computer>cosmo.lundalogik.local</Computer>
> <Security />
> </System>
> <EventData>
> <Data Name="ProcessID">716</Data>
> <Data Name="Application">\device\harddiskvolume2\windows\system32\svchost.exe</Data>
> <Data Name="Direction">%%14592</Data>
> <Data Name="SourceAddress">224.0.0.252</Data>
> <Data Name="SourcePort">5355</Data>
> <Data Name="DestAddress">192.168.35.56</Data>
> <Data Name="DestPort">49425</Data>
> <Data Name="Protocol">17</Data>
> <Data Name="FilterRTID">0</Data>
> <Data Name="LayerName">%%14610</Data>
> <Data Name="LayerRTID">44</Data>
> </EventData>
> </Event>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 2008-06-26 02:00:15
> Event ID: 5157
> Task Category: Filtering Platform Connection
> Level: Information
> Keywords: Audit Failure
> User: N/A
> Computer: cosmo.lundalogik.local
> Description:
> The Windows Filtering Platform has blocked a connection.
> Application Information:
> Process ID: 716
> Application Name: \device\harddiskvolume2\windows\system32\svchost.exe
> Network Information:
> Direction: Inbound
> Source Address: ff02::1:3
> Source Port: 5355
> Destination Address: fe80::e530:9589:5d64:74f3
> Destination Port: 54188
> Protocol: 17
> Filter Information:
> Filter Run-Time ID: 0
> Layer Name: Receive/Accept
> Layer Run-Time ID: 46
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-Security-Auditing"
> Guid="" />
> <EventID>5157</EventID>
> <Version>0</Version>
> <Level>0</Level>
> <Task>12810</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8010000000000000</Keywords>
> <TimeCreated SystemTime="2008-06-26T00:00:15.348Z" />
> <EventRecordID>65633</EventRecordID>
> <Correlation />
> <Execution ProcessID="4" ThreadID="92" />
> <Channel>Security</Channel>
> <Computer>cosmo.lundalogik.local</Computer>
> <Security />
> </System>
> <EventData>
> <Data Name="ProcessID">716</Data>
> <Data Name="Application">\device\harddiskvolume2\windows\system32\svchost.exe</Data>
> <Data Name="Direction">%%14592</Data>
> <Data Name="SourceAddress">ff02::1:3</Data>
> <Data Name="SourcePort">5355</Data>
> <Data Name="DestAddress">fe80::e530:9589:5d64:74f3</Data>
> <Data Name="DestPort">54188</Data>
> <Data Name="Protocol">17</Data>
> <Data Name="FilterRTID">0</Data>
> <Data Name="LayerName">%%14610</Data>
> <Data Name="LayerRTID">46</Data>
> </EventData>
> </Event>
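
An added example (not part of the original posts): one way to find what is generating Event ID 5157 noise is to group exported Event XML by source address, port and protocol, and flag multicast sources. The `<Events>` wrapper, the function names and the sample records (including the 192.0.2.10 one) are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

NS_URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": NS_URI}

def _event(event_id, src, port, proto):
    """Build a trimmed, constructed event record (sample data only)."""
    return (f'<Event xmlns="{NS_URI}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="SourceAddress">{src}</Data>'
            f'<Data Name="SourcePort">{port}</Data>'
            f'<Data Name="Protocol">{proto}</Data></EventData></Event>')

# Constructed sample. The first three records reuse the source addresses and
# port from the events quoted in the thread (224.0.0.252 and ff02::1:3 on
# UDP 5355 are the LLMNR multicast groups); the rest are made up.
SAMPLE = "<Events>" + "".join([
    _event(5157, "224.0.0.252", 5355, 17),
    _event(5157, "224.0.0.252", 5355, 17),
    _event(5157, "ff02::1:3", 5355, 17),
    _event(5157, "192.0.2.10", 445, 6),   # made-up unicast source for contrast
    _event(5156, "192.0.2.10", 445, 6),   # different event ID, must be skipped
]) + "</Events>"

def parse_5157(xml_text):
    """Yield one dict of EventData fields per Event ID 5157 record."""
    root = ET.fromstring(xml_text)
    for ev in root.iter(f"{{{NS_URI}}}Event"):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5157":
            continue
        yield {d.get("Name"): (d.text or "").strip()
               for d in ev.iterfind("e:EventData/e:Data", NS)}

def summarize(xml_text):
    """Count blocked connections per (source, port, protocol, is_multicast)."""
    counts = Counter()
    for f in parse_5157(xml_text):
        src = ipaddress.ip_address(f["SourceAddress"])
        key = (str(src), int(f["SourcePort"]), int(f["Protocol"]), src.is_multicast)
        counts[key] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (src, port, proto, mcast), n in summarize(SAMPLE):
        print(f"{n:5d}  {src}:{port}  proto={proto}  multicast={mcast}")
```

Multicast sources that dominate the count are the ones worth tuning out of the audit policy; unicast sources in the same list deserve a closer look before anything is suppressed.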