防火墙关闭时写入的 Windows 筛选平台事件

防火墙关闭时，事件日志中出现 Windows 过滤平台事件是否正常？我使用的是 Windows Server 2008 R2 Service Pack 1。

例如，我收到多个如下的 5156 事件：

The Windows Filtering Platform has permitted a connection.

Application Information:
    Process ID:     6012
    Application Name:   \device\harddiskvolume1\localdomain\syslog\localdomainsyslogserver.exe

Network Information:
    Direction:      Outbound
    Source Address:     127.0.0.1
    Source Port:        52207
    Destination Address:    127.0.0.1
    Destination Port:       1433
    Protocol:       6

Filter Information:
    Filter Run-Time ID: 0
    Layer Name:     Connect
    Layer Run-Time ID:  48

而“netsh advfirewall”显示以下内容：

C:\>netsh advfirewall show allprofiles state

Domain Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Ok.

我知道我可以通过改变审计策略来删除它。