unsure of KB2654852
Hi,
Thanks for posting in Microsoft TechNet forums.
If we enable the "Filtering Platform Connection" audit policy on a Windows Server 2008 R2 computer and stop the Windows Firewall service, the Windows Filtering Platform (WFP) will incorrectly set the value of the ActionType property to FWP_ACTION_BLOCK and
thus a "The Windows Filtering Platform has blocked a connection" event will be logged in the Security log incorrectly.
WFP does not actually block the traffic. However, it can cause confusion in auditing log.
Regards
Kevin
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
August 30th, 2012 10:34pm
http://support.microsoft.com/kb/2654852
I am unsure what this KB article actually means is it a false alarm, or is it actually blocking the traffic?
September 1st, 2012 5:14pm
Hi,
Thanks for posting in Microsoft TechNet forums.
If we enable the "Filtering Platform Connection" audit policy on a Windows Server 2008 R2 computer and stop the Windows Firewall service, the Windows Filtering Platform (WFP) will incorrectly set the value of the ActionType property to FWP_ACTION_BLOCK and
thus a "The Windows Filtering Platform has blocked a connection" event will be logged in the Security log incorrectly.
WFP does not actually block the traffic. However, it can cause confusion in auditing log.
Regards
Kevin
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2012 10:21pm