Event Details
EventID 851 - A change has been made to the Windows Firewall application exception list [Win 2003 / XP]
 Sample:
Event Type:     Success Audit
Event Source:   Security
Event Category: Policy Change
Event ID:       851
Date:           12/16/2009
Time:           06:56:37
User:           NT AUTHORITY\SYSTEM
Computer:       DC1
Description:    
A change has been made to the Windows Firewall application exception list.

Policy origin: Local Policy
Profile changed: Standard
Change type: Add
New Settings:
     Name: FAR manager
     Path: C:\Program Files\Far\Far.exe
     State: Enabled
     Scope: All subnets
Old Settings:
     Name: -
     Path: -
     State: -
     Scope: -
Log Type: Windows Event Log
Uniquely Identified By:
Log Name: Security

Filtering Field   Equals to Value
OSVersion         Windows 2003, Windows XP
Category          Policy Change
Source            Security
EventId           851
Field Matching

Field         Description                                                                  Stored in   Sample Value
When          At what date and time a user activity originated in the system.              DateTime
Who           Account or user name under which the activity occurred.                      User
What          The type of activity that occurred (e.g. Logon, Password Changed, etc.)      Category
Where         The name of the workstation/server where the activity was logged.            Computer
Where From    The name of the workstation/server where the activity was initiated from.    -           10.10.10.10
Severity      Specify the seriousness of the event.                                        "Low"       Low
WhoDomain                                                                                  -
WhereDomain                                                                                -