Event Id 5152 Windows Filtering Platform

Event Id 5152 And 5157

Just for your information, if you want to disable the security audit from Windows Firewall, run the following command: auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec

Event 5157 and Event 5152 are general Windows Firewall security audit, you should look into the event detail of the blocked connection attempt to decide whether that attempt should be allowed.

ID Message 5152 The Windows Filtering Platform blocked a packet.

ID Message 5152 The Windows Filtering Platform blocked a packet.

If the connection attempt is malicious or not necessary in your environment, you can safely ignore it.

NinaPlease remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Analyze the entire log to determine the source, the destination, the application/service that sent the packet , the protocol, and the port number.