Event Details
User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 861 - The Windows Firewall has detected an application listening for incoming traffic [Win 2003 / XP]
EventID 861 - The Windows Firewall has detected an application listening for incoming traffic [Win 2003 / XP]
 Sample: 
        Event Type:     Success Audit
        Event Source:   Security
        Event Category: Detailed Tracking
        Event ID:       861
        Date:           10/26/2009
        Time:           07:41:25
        User:           NT AUTHORITY\SYSTEM
        Computer:       DC1
        Description:
        The Windows Firewall has detected an application listening for incoming traffic.
        Name: -
        Path: C:\WINDOWS\system32\lsass.exe
        Process identifier:	428
        User account:	SYSTEM
        User domain:	NT AUTHORITY
        Service:	Yes
        RPC server:	No
        IP version:	IPv4
        IP protocol:	UDP
        Port number:	4500
        Allowed:	Yes
        User notified:	No
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Windows XP
Category Detailed Tracking
Source Security
EventId 861
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. User Account SYSTEM
What The type of activity occurred (e.g. Logon, Password Changed, etc.) Category
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "Low" Low
WhoDomain Domain NT AUTHORITY
WhereDomain -
Comments
You must be logged in to comment