Security Event ID 5152 by the thousands

Anonymous
2009-06-15T16:35:00+00:00

Windows Vista Business 32-bit SP1 build 6.0.6001.  The Security Auditing Log is filling with thousands of identical events every hour.  The event id is 5152.

Log Name:      Security

Source:        Microsoft-Windows-Security-Auditing

Date:          6/15/2009 12:01:04 PM

Event ID:      5152

Task Category: Filtering Platform Packet Drop

Level:         Information

Keywords:      Audit Failure

User:          N/A

Computer:      D4J96D1.corp.trexlerhainesgas.com

Description:

The Windows Filtering Platform blocked a packet.

Application Information:

 Process ID:  0

 Application Name: -

Network Information:

 Direction:  Outbound

 Source Address:  192.168.0.112

 Source Port:  0

 Destination Address: 192.168.0.112

 Destination Port:  0

 Protocol:  1

Filter Information:

 Filter Run-Time ID: 65870

 Layer Name:  ICMP Error

 Layer Run-Time ID: 32

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />

    <EventID>5152</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>12809</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2009-06-15T16:01:04.395Z" />

    <EventRecordID>2702755</EventRecordID>

    <Correlation />

    <Execution ProcessID="4" ThreadID="60" />

    <Channel>Security</Channel>

    <Computer>D4J96D1.corp.trexlerhainesgas.com</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="ProcessId">0</Data>

    <Data Name="Application">-</Data>

    <Data Name="Direction">%%14593</Data>

    <Data Name="SourceAddress">192.168.0.112</Data>

    <Data Name="SourcePort">0</Data>

    <Data Name="DestAddress">192.168.0.112</Data>

    <Data Name="DestPort">0</Data>

    <Data Name="Protocol">1</Data>

    <Data Name="FilterRTID">65870</Data>

    <Data Name="LayerName">%%14601</Data>

    <Data Name="LayerRTID">32</Data>

  </EventData>


tsmith
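A triage sketch for the flood described in the question, added here as an example and not part of the original thread: it parses exported Event XML for ID 5152 and counts drops per layer, filter, protocol and address pair, flagging events whose source and destination address match as in the posted event. The sample events, the filter ID 70001 and the address 192.168.0.10 are constructed; the `%%` message mappings follow the rendered text in the post.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# %% message IDs as rendered in the post's event text; protocol numbers per IANA.
MESSAGE_IDS = {"%%14593": "Outbound", "%%14601": "ICMP Error"}
PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP"}
FIELDS = ("LayerName", "FilterRTID", "Protocol", "Direction",
          "SourceAddress", "DestAddress")

# Constructed sample template carrying the EventData fields shown in the post.
TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>{eid}</EventID></System><EventData>
<Data Name="ProcessId">0</Data><Data Name="Application">-</Data>
<Data Name="Direction">%%14593</Data>
<Data Name="SourceAddress">192.168.0.112</Data><Data Name="SourcePort">0</Data>
<Data Name="DestAddress">{dst}</Data><Data Name="DestPort">0</Data>
<Data Name="Protocol">1</Data><Data Name="FilterRTID">{rtid}</Data>
<Data Name="LayerName">%%14601</Data><Data Name="LayerRTID">32</Data>
</EventData></Event>"""
# Five copies of the posted event plus one constructed, different drop.
SAMPLE = [TEMPLATE.format(eid=5152, dst="192.168.0.112", rtid=65870)] * 5
SAMPLE.append(TEMPLATE.format(eid=5152, dst="192.168.0.10", rtid=70001))

def parse_5152(xml_text):
    """Return one 5152 event's EventData as a dict, or None for other event IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "5152":
        return None
    f = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    for name in ("Direction", "LayerName"):
        f[name] = MESSAGE_IDS.get(f.get(name), f.get(name))  # unknown IDs stay raw
    f["Protocol"] = PROTOCOLS.get(f.get("Protocol"), f.get("Protocol"))
    return f

def summarize(events):
    """Group drops so a flood from one filter stands out; last column is src == dst."""
    counts = Counter()
    for xml_text in events:
        f = parse_5152(xml_text)
        if f:
            same_host = f.get("SourceAddress") == f.get("DestAddress")
            counts[tuple(f.get(k) for k in FIELDS) + (same_host,)] += 1
    return [(n, *key) for key, n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```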


Answer accepted by question author

  1. Anonymous
    2009-06-15T22:37:05+00:00

    Hi tsmiththi,

    Thanks for using the Community Forums for Microsoft Vista.

    It looks very much like a virus\trojan.

    I would run scans to make sure that it is or is not that.

    Take a look at this “sticky” to learn more about some useful tools to check your computer.

    Please let us know if we can do anything else for you.


    Matt

    Microsoft Answers Support Engineer

    Visit our Microsoft Answers Feedback Forum and let us know what you think.


6 additional answers

  1. Anonymous
    2010-07-19T09:14:34+00:00

    I'm facing the same too, any way to resolve this?

    Running Windows 2008 + AD, and outbound internet traffic encounters the same error.

  2. Anonymous
    2009-06-16T18:29:48+00:00

    Sorry, yes.  This machine is a member of an Active Directory domain in our small business. 


    tsmith

  3. Anonymous
    2009-06-16T00:26:43+00:00

    Are you on a Domain?


    Matt

    Microsoft Answers Support Engineer

    Visit our Microsoft Answers Feedback Forum and let us know what you think.

  4. Anonymous
    2009-06-16T00:12:22+00:00

    We are running Trend-Micro Worry-Free Business Security Advanced, and my machine was just scanned with the 6/14 definition updates.  I will download and run the Sysinternals rootkit scanner as well.


    tsmith
