Event Details
User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 852 - A change has been made to the Windows Firewall port exception list [Win 2003 / XP]
EventID 852 - A change has been made to the Windows Firewall port exception list [Win 2003 / XP]
 Sample: 
Event Type:     Success Audit
Event Source:   Security
Event Category: Policy Change
Event ID:       852
Date:           12/16/2009
Time:           06:52:05
User:           NT AUTHORITY\SYSTEM
Computer:       DC1
Description:    
A change has been made to the Windows Firewall port exception list.

Policy origin: Local Policy
Profile changed: Standard
Interface: All interfaces
Change type: Modify
New Settings:
     Name: NetBIOS Name Service
     Port number: 137
     Protocol: UDP
     State: Enabled
     Scope: Local subnet only
Old Settings:
     Name: NetBIOS Name Service
     Port number: 137
     Protocol: UDP
     State: Disabled
     Scope: Local subnet only
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Windows XP
Category Policy Change
Source Security
EventId 852
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. User
What The type of activity occurred (e.g. Logon, Password Changed, etc.) Category
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "Low" Low
WhoDomain -
WhereDomain -
Comments
You must be logged in to comment