Event Details
User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 853 - The Windows Firewall operational mode has changed [Win 2003 / XP]
EventID 853 - The Windows Firewall operational mode has changed [Win 2003 / XP]
 Sample: 
Event Type:     Success Audit
Event Source:   Security
Event Category: Policy Change
Event ID:       853
Date:           12/16/2009
Time:           06:48:24
User:           NT AUTHORITY\SYSTEM
Computer:       DC1
Description:    
The Windows Firewall operational mode has changed.

Policy origin: Local Policy
Profile changed: Standard
Interface: All interfaces
New Setting:
     Operation mode: Off
Old Setting:
     Operation mode: On
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2003
Windows XP
Category Policy Change
Source Security
EventId 853
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. User
What The type of activity occurred (e.g. Logon, Password Changed, etc.) Category
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "Low" Low
WhoDomain -
WhereDomain -
Comments
You must be logged in to comment