Event Details
Operating System->Microsoft Windows->Built-in logs->Windows 2000-2003->Security Log->Policy Change->EventID 848 - The following policy was active when the Windows Firewall started [Win 2003 / XP]
EventID 848 - The following policy was active when the Windows Firewall started [Win 2003 / XP]

This event logs the Windows Firewall policy settings in effect at the time of startup, which is usually when the Windows system boots up.

You can get details on Windows Firewall configuration at the Microsoft's site in this article.

Find more information about this event on ultimatewindowssecurity.com.

Corresponding events on other OS versions:
Windows 2008
Event Type:     Success Audit
Event Source:   Security
Event Category: Policy Change
Event ID:       848
Date:           12/16/2009
Time:           06:50:28
Computer:       DC1
The following policy was active when the Windows Firewall started.

Group Policy applied: No
Profile used: Standard
Interface: All interfaces
Operational mode: Off
     File and Printer Sharing: Disabled
     Remote Desktop: Disabled
     UPnP Framework: Disabled
Allow remote administration: Disabled
Allow unicast responses to multicast/broadcast traffic: Disabled
Security Logging:
     Log dropped packets: Disabled
     Log successful connections Disabled
     Allow incoming echo request: Disabled
     Allow incoming timestamp request: Disabled
     Allow incoming mask request: Disabled
     Allow incoming router request: Disabled
     Allow outgoing destination unreachable: Disabled
     Allow outgoing source quench: Disabled
     Allow outgoing parameter problem: Disabled
     Allow outgoing time exceeded: Disabled
     Allow redirect: Disabled
     Allow outgoing packet too big: Disabled
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Windows XP
Category Policy Change
Source Security
EventId 848
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category Logon/Logoff
Group Policy applied Indicates whether Windows Firewall was getting its settings from Group Policy or the system's local policy. InsertionString1 No
Profile used Standard or Domain. Domain profile is applied when the computer is on its "home" network, Standard profile is applied when the computer is not connected to its "home" network, e.g. out travelling and connected to public internet via Wi-Fi. InsertionString2 Standard
Interface Displays Network Interface Cards the firewall is configured for. InsertionString3 All interfaces
Operational mode Shows whether Windows Firewall was enabled or not. InsertionString4 Off
File and Printer Sharing InsertionString5 Disabled
Remote Desktop InsertionString6 Disabled
UPnP Framework InsertionString7 Disabled
Allow remote administration InsertionString8 Disabled
Allow unicast responses to multicast/broadcast traffic InsertionString9 Disabled
Log dropped packets InsertionString10 Disabled
Allow incoming echo request InsertionString14 Disabled
Allow incoming timestamp request InsertionString19 Disabled
Allow incoming mask request InsertionString20 Disabled
Allow incoming router request InsertionString18 Disabled
Allow outgoing destination unreachable InsertionString12 Disabled
Allow outgoing source quench InsertionString17 Disabled
Allow outgoing parameter problem InsertionString16 Disabled
Allow outgoing time exceeded InsertionString15 Disabled
Allow redirect InsertionString13 Disabled
Allow outgoing packet too big InsertionString21 Disabled
You must be logged in to comment