Event ID 2004 — Firewall Rule Processing
Applies To: Windows Server 2008 R2
Windows Firewall with Advanced Security receives its rules from local security policy stored in the system registry, and from Group Policy delivered by Active Directory. After receiving a new or modified policy, Windows Firewall must process each rule in the applied policies to interpret what network traffic is to be blocked, allowed, or protected by using Internet Protocol security (IPsec).
When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures, both in retrieving policy and in processing the rules defined in the policy.
Event Details
Product: | Windows Operating System |
ID: | 2004 |
Source: | Microsoft-Windows-Windows Firewall with Advanced Security |
Version: | 6.1 |
Symbolic Name: | WFRuleAddEvent |
Message: | A rule has been added to the Windows Firewall exception list. Added Rule: %tRule ID:%t%1 %tRuleName:%t%2 %tOrigin:%t%3 %tActive:%t%18 %tDirection:%t%6 %tProfiles:%t%11 %tAction:%t%10 %tApplication Path:%t%4 %tService Name:%t%5 %tProtocol:%t%7 %tSecurity Options:%t%21 %tEdge Traversal:%t%19 %tModifying User:%t%22 %tModifying Application:%t%23" |
Resolve
This is a normal condition. No further action is required.