防火墙关闭时,事件日志中出现 Windows 过滤平台事件是否正常?我使用的是 Windows Server 2008 R2 Service Pack 1。
例如,我收到多个如下的 5156 事件:
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 6012
Application Name: \device\harddiskvolume1\localdomain\syslog\localdomainsyslogserver.exe
Network Information:
Direction: Outbound
Source Address: 127.0.0.1
Source Port: 52207
Destination Address: 127.0.0.1
Destination Port: 1433
Protocol: 6
Filter Information:
Filter Run-Time ID: 0
Layer Name: Connect
Layer Run-Time ID: 48
而“netsh advfirewall”显示以下内容:
C:\>netsh advfirewall show allprofiles state
Domain Profile Settings:
----------------------------------------------------------------------
State OFF
Private Profile Settings:
----------------------------------------------------------------------
State OFF
Public Profile Settings:
----------------------------------------------------------------------
State OFF
Ok.
我知道我可以通过改变审计策略来删除它。