Share via


Event ID 4944 — Firewall Service and Driver Initialization

Applies To: Windows Server 2008

The Windows Firewall service (MpsSvc) and its supporting driver must be running to provide the core firewall functionality and to manage the firewall and connection security rules that define how the firewall operates. When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the required software components, or when the components stop operating due to a failure.

Note: Because the Windows Firewall services applies Windows service hardening rules to standard Windows Networking services, Microsoft does not support stopping the Windows Firewall service. If you do not want to use Windows Firewall, turn the firewall features off without stopping the service.

Event Details

Product: Windows Operating System
ID: 4944
Source: Microsoft-Windows-Security-Auditing
Version: 6.0
Symbolic Name: SE_AUDITID_ETW_FIREWALL_STARTUP_STATE
Message: The following policy was active when the Windows Firewall started.

Group Policy Applied:%t%1
Profile Used:%t%2
Operational mode:%t%3
Allow Remote Administration:%t%4
Allow Unicast Responses to Multicast/Broadcast Traffic:%t%5
Security Logging:
%tLog Dropped Packets:%t%6
%tLog Successful Connections:%t%7

Resolve

This is a normal condition. No further action is required.

Firewall Service and Driver Initialization

Windows Firewall with Advanced Security