Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {DD08FD3C-92F6-403F-AEAA-A324BC9741F6}
Rule Name: File and Printer Sharing (NB-Session-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 444 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {DD08FD3C-92F6-403F-AEAA-A324BC9741F6}
Rule Name: File and Printer Sharing (NB-Session-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 443 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-NB_Session-In-TCP
Rule Name: File and Printer Sharing (NB-Session-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 442 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {124EBD72-B7FB-4AF4-AA16-317A0195A06B}
Rule Name: File and Printer Sharing (NB-Session-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 441 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {124EBD72-B7FB-4AF4-AA16-317A0195A06B}
Rule Name: File and Printer Sharing (NB-Session-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 440 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-NB_Session-Out-TCP
Rule Name: File and Printer Sharing (NB-Session-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 439 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {981C4E1A-C34F-4575-80A9-29DB7475CD3E}
Rule Name: File and Printer Sharing (SMB-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 438 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {981C4E1A-C34F-4575-80A9-29DB7475CD3E}
Rule Name: File and Printer Sharing (SMB-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 437 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-SMB-In-TCP
Rule Name: File and Printer Sharing (SMB-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 436 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {63E9D4BF-5E49-46E0-9E58-73EEE4554AF6}
Rule Name: File and Printer Sharing (SMB-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 435 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {63E9D4BF-5E49-46E0-9E58-73EEE4554AF6}
Rule Name: File and Printer Sharing (SMB-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 434 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-SMB-Out-TCP
Rule Name: File and Printer Sharing (SMB-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 433 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {A3645A54-1E58-42FB-9C91-B0B23747D3DB}
Rule Name: File and Printer Sharing (NB-Name-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 432 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {A3645A54-1E58-42FB-9C91-B0B23747D3DB}
Rule Name: File and Printer Sharing (NB-Name-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 431 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-NB_Name-In-UDP
Rule Name: File and Printer Sharing (NB-Name-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 430 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {5EB8A784-5141-42B2-989D-D12B41060FCD}
Rule Name: File and Printer Sharing (NB-Name-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 429 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {5EB8A784-5141-42B2-989D-D12B41060FCD}
Rule Name: File and Printer Sharing (NB-Name-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 428 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-NB_Name-Out-UDP
Rule Name: File and Printer Sharing (NB-Name-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 427 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {6E857FB7-B7AD-463A-A302-B64E07C24C44}
Rule Name: File and Printer Sharing (NB-Datagram-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 426 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {6E857FB7-B7AD-463A-A302-B64E07C24C44}
Rule Name: File and Printer Sharing (NB-Datagram-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 425 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-NB_Datagram-In-UDP
Rule Name: File and Printer Sharing (NB-Datagram-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 424 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {89409B31-80EE-4CC8-B43B-39FEA8C66163}
Rule Name: File and Printer Sharing (NB-Datagram-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 423 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {89409B31-80EE-4CC8-B43B-39FEA8C66163}
Rule Name: File and Printer Sharing (NB-Datagram-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 422 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-NB_Datagram-Out-UDP
Rule Name: File and Printer Sharing (NB-Datagram-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 421 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {DDC351BA-D124-4141-B890-C5F3DA65BA63}
Rule Name: File and Printer Sharing (Spooler Service - RPC)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\spoolsv.exe
Service Name: Spooler
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 420 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {DDC351BA-D124-4141-B890-C5F3DA65BA63}
Rule Name: File and Printer Sharing (Spooler Service - RPC)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\spoolsv.exe
Service Name: Spooler
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 419 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-SpoolSvc-In-TCP
Rule Name: File and Printer Sharing (Spooler Service - RPC)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\spoolsv.exe
Service Name: Spooler
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 418 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {60E782DC-E43D-41A6-AE1F-FD9F8EF4FEE1}
Rule Name: File and Printer Sharing (Spooler Service - RPC-EPMAP)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path:
Service Name: Rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 417 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {60E782DC-E43D-41A6-AE1F-FD9F8EF4FEE1}
Rule Name: File and Printer Sharing (Spooler Service - RPC-EPMAP)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path:
Service Name: Rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 416 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-RPCSS-In-TCP
Rule Name: File and Printer Sharing (Spooler Service - RPC-EPMAP)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name: Rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 415 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {086CBAE6-DBAF-4D32-845F-5683C866C9C3}
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 414 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {086CBAE6-DBAF-4D32-845F-5683C866C9C3}
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 413 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-ICMP4-ERQ-In
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 412 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {9D6ABF7A-8358-4C90-B0A7-47906FE74F94}
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 411 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {9D6ABF7A-8358-4C90-B0A7-47906FE74F94}
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 410 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-ICMP4-ERQ-Out
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 409 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {FB9CD52C-3F8F-4ED9-9CE9-9D6AE8032DF9}
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 408 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {FB9CD52C-3F8F-4ED9-9CE9-9D6AE8032DF9}
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 407 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-ICMP6-ERQ-In
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 406 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {397F6E72-74BE-4B4B-AF50-5A3297A8DCD8}
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 405 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {397F6E72-74BE-4B4B-AF50-5A3297A8DCD8}
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 404 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-ICMP6-ERQ-Out
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 403 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {9029E5B7-75D6-4A0C-B8F7-FE187FC0AE18}
Rule Name: File and Printer Sharing (LLMNR-UDP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 402 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {9029E5B7-75D6-4A0C-B8F7-FE187FC0AE18}
Rule Name: File and Printer Sharing (LLMNR-UDP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 401 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-LLMNR-In-UDP
Rule Name: File and Printer Sharing (LLMNR-UDP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 400 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {33A6564E-F56F-4ED6-ACBF-9DCF62E3A0C3}
Rule Name: File and Printer Sharing (LLMNR-UDP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 399 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {33A6564E-F56F-4ED6-ACBF-9DCF62E3A0C3}
Rule Name: File and Printer Sharing (LLMNR-UDP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 398 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-LLMNR-Out-UDP
Rule Name: File and Printer Sharing (LLMNR-UDP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\svchost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 397 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 9:00:06 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {806F3409-D120-4BF5-A572-750ABCA69AC3}
Adapter Name: ethernet_32772
Old Profile: Public
New Profile: Domain | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 396 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1656 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:53:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Domain
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 395 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1656 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:53:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {1F1DC290-8758-4D62-81B8-ED5FB5655673}
Adapter Name: ethernet_32774
Old Profile: Public
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 394 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1656 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:53:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {1F1DC290-8758-4D62-81B8-ED5FB5655673}
Adapter Name: ethernet_32774
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 393 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:53:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {78932FB2-EDDA-48F3-BF3C-4661518C908D}
Adapter Name: ethernet_32773
Old Profile: Public
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 392 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:53:35 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {78932FB2-EDDA-48F3-BF3C-4661518C908D}
Adapter Name: ethernet_32773
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 391 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:53:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 390 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 389 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:39 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 388 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 387 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:15 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {B1295C6A-409B-4F53-A230-AF825FD78DE1}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 386 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {127A9DE4-E38E-4F14-BDB4-DB6912D5116E}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 385 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {56CBEAAF-B509-4E5D-B328-68F766468E6F}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 384 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {4579E7C5-F211-4F22-88BA-A332D1051259}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 383 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 48550087-2ba6-43ad-b2bc-6ce225ca582c
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 382 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 57e35eab-c39e-4b75-8bcd-9b2de3e258d8
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 381 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: c848a472-3494-440a-9d84-6acabee7f90d
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 380 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1660 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 280744eb-e2c1-461f-bd34-0adac968b0a9
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 379 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1592 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {806F3409-D120-4BF5-A572-750ABCA69AC3}
Adapter Name: ethernet_32772
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 378 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {A8A3869D-195D-4104-B957-3EDAC9E40372}
Adapter Name: ethernet_32769
Old Profile: None
New Profile: Domain | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 377 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Domain,Public
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 376 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1192 | 1644 | n-h1-765311-12.cbci-765311-12.local | S-1-5-19 | 1/26/2021 8:52:11 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {A8A3869D-195D-4104-B957-3EDAC9E40372}
Adapter Name: ethernet_32769
Old Profile: Public
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 375 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2784 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:51:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {A8A3869D-195D-4104-B957-3EDAC9E40372}
Adapter Name: ethernet_32769
Old Profile: None
New Profile: Domain | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 374 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2784 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:51:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {806F3409-D120-4BF5-A572-750ABCA69AC3}
Adapter Name: ethernet_32772
Old Profile: Public
New Profile: Domain | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 373 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2784 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:51:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Domain
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 372 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2784 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:51:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {806F3409-D120-4BF5-A572-750ABCA69AC3}
Adapter Name: ethernet_32772
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 371 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2124 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:27:21 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {806F3409-D120-4BF5-A572-750ABCA69AC3}
Adapter Name: ethernet_32772
Old Profile: Public
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 370 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 1100 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:27:10 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {806F3409-D120-4BF5-A572-750ABCA69AC3}
Adapter Name: ethernet_32772
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 369 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2784 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:27:09 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {F21B2B33-2B79-4ED9-A375-020103E36B41}
Adapter Name: ethernet_32770
Old Profile: Public
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 368 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2124 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:12:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {F21B2B33-2B79-4ED9-A375-020103E36B41}
Adapter Name: ethernet_32770
Old Profile: Public
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 367 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2124 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:12:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting in the Public profile has changed.
New Setting:
Type: Enable Windows Firewall
Value: No
Modifying User: S-1-5-21-518661759-3914617765-1533228700-1001
Modifying Application: C:\Windows\System32\wbem\WmiPrvSE.exe | 2003 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 366 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2224 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:12:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting in the Private profile has changed.
New Setting:
Type: Enable Windows Firewall
Value: No
Modifying User: S-1-5-21-518661759-3914617765-1533228700-1001
Modifying Application: C:\Windows\System32\wbem\WmiPrvSE.exe | 2003 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 365 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2224 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:12:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting in the Domain profile has changed.
New Setting:
Type: Enable Windows Firewall
Value: No
Modifying User: S-1-5-21-518661759-3914617765-1533228700-1001
Modifying Application: C:\Windows\System32\wbem\WmiPrvSE.exe | 2003 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 364 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2224 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:12:36 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {FCCB1670-4980-4692-A8ED-241593044DBD}
Rule Name: WinRM HTTPS
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path:
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-518661759-3914617765-1533228700-1000
Modifying Application: C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\python.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 363 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2232 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:10:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Reason: Inbound notifications are not enabled
Application Path: C:\program files\cloudbase solutions\cloudbase-init\python\python.exe
IP Version: IPv4
Protocol: UDP
Port: 68
Process Id: 3752
User: S-1-5-21-518661759-3914617765-1533228700-1000 | 2011 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 362 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2248 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:10:13 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 361 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2220 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:10:10 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {127A9DE4-E38E-4F14-BDB4-DB6912D5116E}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 360 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2220 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {91E498B2-B4CA-48C7-BE60-84609D37E6F1}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 359 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2220 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {4579E7C5-F211-4F22-88BA-A332D1051259}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 358 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2220 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {64BC68DA-0289-456B-951B-FA9968DF8F99}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 357 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2224 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: c848a472-3494-440a-9d84-6acabee7f90d
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 356 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2224 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 280744eb-e2c1-461f-bd34-0adac968b0a9
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 355 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2232 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 3522f3f8-76af-4f7c-83ca-f6eb83836e17
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 354 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2232 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 2a54d850-aa28-469e-a3a1-7492ea929372
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 353 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2232 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {A8A3869D-195D-4104-B957-3EDAC9E40372}
Adapter Name: ethernet_32769
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 352 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2232 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {F21B2B33-2B79-4ED9-A375-020103E36B41}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 351 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 540 | 2232 | n-h1-765311-12 | S-1-5-19 | 1/26/2021 8:09:55 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Reason: Inbound notifications are not enabled
Application Path: C:\program files\cloudbase solutions\cloudbase-init\python\python.exe
IP Version: IPv4
Protocol: UDP
Port: 68
Process Id: 1240
User: S-1-5-18 | 2011 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 350 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1576 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:56 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {91E498B2-B4CA-48C7-BE60-84609D37E6F1}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 349 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {28CD784E-0032-456D-BD32-3C17A8CFC78B}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 348 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {64BC68DA-0289-456B-951B-FA9968DF8F99}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 347 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {793E8B84-7BC5-40EF-9F3B-A2ADA2B56658}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 346 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 3522f3f8-76af-4f7c-83ca-f6eb83836e17
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 345 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 2a54d850-aa28-469e-a3a1-7492ea929372
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 344 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 23ddbc85-739e-4952-bd65-d94878d7f7b8
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 343 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 3a6dfdd9-ba55-4e72-aefd-93c4f320b250
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 342 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 504 | 1748 | WIN-5T344G8GM1H | S-1-5-19 | 1/26/2021 8:08:04 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name:
Old Profile: Private
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 341 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2772 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:09 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Public
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 340 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2772 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:09 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 339 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2748 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:32 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {28CD784E-0032-456D-BD32-3C17A8CFC78B}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 338 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 1284 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {52162460-E8C1-47EB-B65E-631DF81E7E94}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 337 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 1284 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {793E8B84-7BC5-40EF-9F3B-A2ADA2B56658}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 336 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2748 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {58B03810-90C6-45AE-947D-2C46C77FBF45}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 335 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2772 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 23ddbc85-739e-4952-bd65-d94878d7f7b8
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 334 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2772 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 3a6dfdd9-ba55-4e72-aefd-93c4f320b250
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 333 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2772 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: f09bf1aa-46c8-4185-a941-76d9c975034c
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 332 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 1284 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 8daf373b-4735-42ba-b8fe-007b8c7180a8
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 331 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 2800 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 330 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 1284 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 329 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1232 | 1284 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:30 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: iSCSITarget-Service-RPCSS-In-TCP
Rule Name: iSCSI Target Service (RPC-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 328 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1424 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:38:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: iSCSITarget-Service-iSCSI-In-TCP
Rule Name: iSCSI Target (TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: WinTarget
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 327 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1424 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:38:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: FileServer-ServerManager-SMB-TCP-In
Rule Name: File Server Remote Management (SMB-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 326 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1424 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:38:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: FileServer-ServerManager-DCOM-TCP-In
Rule Name: File Server Remote Management (DCOM-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: RPCSS
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 325 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:38:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: FileServer-ServerManager-Winmgmt-TCP-In
Rule Name: File Server Remote Management (WMI-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 324 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:38:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRTCL-WMI-ASYNC-In-TCP-NoScope
Rule Name: Hyper-V Management Clients - WMI (Async-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\wbem\unsecapp.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 323 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:35:29 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRTCL-WMI-WINMGMT-Out-TCP-NoScope
Rule Name: Hyper-V Management Clients - WMI (TCP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 322 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:35:29 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRTCL-WMI-WINMGMT-In-TCP-NoScope
Rule Name: Hyper-V Management Clients - WMI (TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 321 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:35:29 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRTCL-WMI-RPCSS-In-TCP-NoScope
Rule Name: Hyper-V Management Clients - WMI (DCOM-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 320 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1424 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:35:29 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 319 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:18 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall Group Policy settings have changed. The new settings have been applied | 2008 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 318 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:17 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {52162460-E8C1-47EB-B65E-631DF81E7E94}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 317 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1604 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {6AA7706D-F2C7-4E3A-B219-A1290672A848}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 316 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2740 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {58B03810-90C6-45AE-947D-2C46C77FBF45}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 315 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2740 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {ADC7E33B-4F2A-478B-985C-72CDC12A8114}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 314 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2740 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: f09bf1aa-46c8-4185-a941-76d9c975034c
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 313 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 8daf373b-4735-42ba-b8fe-007b8c7180a8
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 312 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2660 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 7508a2d6-6381-433f-aff8-6e695b0c8ddc
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 311 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2740 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 310 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1136 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 309 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 1136 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: bc134ddb-1788-49fa-bf17-5548ff4d4c98
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 308 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1224 | 2740 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: WMI-RPCSS-In-TCP
Rule Name: Windows Management Instrumentation (DCOM-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 307 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: WMI-WINMGMT-In-TCP
Rule Name: Windows Management Instrumentation (WMI-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 306 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: WMI-WINMGMT-Out-TCP
Rule Name: Windows Management Instrumentation (WMI-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 305 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: WMI-ASYNC-In-TCP
Rule Name: Windows Management Instrumentation (ASync-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\wbem\unsecapp.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 304 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-HVRHTTPSL-In-TCP-NoScope
Rule Name: Hyper-V Replica HTTPS Listener (TCP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 303 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-HVRHTTPL-In-TCP-NoScope
Rule Name: Hyper-V Replica HTTP Listener (TCP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 302 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-REMOTEDESKTOP-In-TCP-NoScope
Rule Name: Hyper-V (REMOTE_DESKTOP_TCP_IN)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\vmms.exe
Service Name: vmms
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 301 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1676 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-MIGL-In-TCP-NoScope
Rule Name: Hyper-V (MIG-TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\vmms.exe
Service Name: vmms
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 300 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-VMMS-RPC-In-NoScope
Rule Name: Hyper-V (RPC)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 299 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-VMMS-RPC-EPMAP-In-NoScope
Rule Name: Hyper-V (RPC-EPMAP)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 298 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-WMI-ASYNC-In-TCP-NoScope
Rule Name: Hyper-V - WMI (Async-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\wbem\unsecapp.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 297 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-WMI-WINMGMT-Out-TCP-NoScope
Rule Name: Hyper-V - WMI (TCP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 296 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-WMI-WINMGMT-In-TCP-NoScope
Rule Name: Hyper-V - WMI (TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: winmgmt
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 295 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: VIRT-WMI-RPCSS-In-TCP-NoScope
Rule Name: Hyper-V - WMI (DCOM-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: rpcss
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 294 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Reason: Inbound notifications are not enabled
Application Path: C:\windows\system32\vmms.exe
IP Version: IPv6
Protocol: TCP
Port: 2179
Process Id: 2360
User: S-1-5-18 | 2011 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 293 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1604 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: Microsoft-Windows-Hyper-V-HostAgent-WCF-TLS
Rule Name: Network Controller Host Agent WCF over TLS (TCP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: system
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 292 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: Microsoft-Windows-Hyper-V-HostAgent-WCF
Rule Name: Network Controller Host Agent WCF (TCP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: system
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 291 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:53 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: Microsoft-Windows-Hyper-V-HostAgent
Rule Name: Network Controller Host Agent (TCP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: NcHostAgent
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 290 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:52 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: DnsProxy-UDP-Out
Rule Name: All Outgoing (UDP)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\System32\Microsoft.DnsProxy.exe
Service Name: dnsproxy
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 289 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:52 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: DnsProxy-TCP-Out
Rule Name: All Outgoing (TCP)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\System32\Microsoft.DnsProxy.exe
Service Name: dnsproxy
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 288 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:52 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: DnsProxy-UDP-In
Rule Name: DNS Proxy (UDP, Incoming)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\System32\Microsoft.DnsProxy.exe
Service Name: dnsproxy
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 287 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:52 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: DnsProxy-TCP-In
Rule Name: DNS Proxy (TCP, Incoming)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\System32\Microsoft.DnsProxy.exe
Service Name: dnsproxy
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 286 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1356 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:52 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {6AA7706D-F2C7-4E3A-B219-A1290672A848}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 285 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {2B4F04AF-DA2D-4FAA-93F9-C6C528A57217}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 284 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {ADC7E33B-4F2A-478B-985C-72CDC12A8114}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 283 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1676 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {67955F0B-B27C-4802-AAED-B0BC75525E58}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 282 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1676 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 7508a2d6-6381-433f-aff8-6e695b0c8ddc
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 281 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: bc134ddb-1788-49fa-bf17-5548ff4d4c98
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 280 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 24dbfdcd-b7a2-41bc-a963-7de1f7378351
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 279 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 95cdeffe-6bdf-488f-aa22-380a5dd25867
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 278 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 277 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 276 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1180 | 1336 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:26:41 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2B4F04AF-DA2D-4FAA-93F9-C6C528A57217}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 275 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1524 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {3C0DCF06-727F-4C1C-A17D-B2E307F6393A}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 274 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1388 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {67955F0B-B27C-4802-AAED-B0BC75525E58}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 273 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1524 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {A385AD98-0D8E-4DAE-AD1E-476BE4CAD066}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 272 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1388 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 24dbfdcd-b7a2-41bc-a963-7de1f7378351
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 271 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1388 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 95cdeffe-6bdf-488f-aa22-380a5dd25867
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 270 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1524 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: f9fd1d34-61e0-4453-a172-2004d805072a
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 269 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1524 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 75c2544a-11ea-4905-bd18-3d452df30f5f
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 268 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1388 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 267 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1260 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 266 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1252 | 1260 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:01 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: Public
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 265 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:19:17 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 264 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:19:17 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 263 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 3656 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:19:17 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: Private
New Profile: None | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 262 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2024 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:19:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Public
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 261 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2024 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:19:16 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {3C0DCF06-727F-4C1C-A17D-B2E307F6393A}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 260 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2636 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {5AA00C45-3E07-4D5D-8464-087836F840C9}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 259 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {A385AD98-0D8E-4DAE-AD1E-476BE4CAD066}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 258 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {1D286DDB-2399-4F71-900C-3E470AD22146}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 257 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: f9fd1d34-61e0-4453-a172-2004d805072a
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 256 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 75c2544a-11ea-4905-bd18-3d452df30f5f
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 255 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 209daab2-5cf3-4c8c-b880-486b3b736003
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 254 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2024 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: e975d015-e97e-40c0-9730-db3680dfec96
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 253 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:50 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {5AA00C45-3E07-4D5D-8464-087836F840C9}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 252 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {5F7A6828-8AF1-4B4C-A3D6-EF24B271353A}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 251 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2644 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {1D286DDB-2399-4F71-900C-3E470AD22146}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 250 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {CCDFA833-E4F7-4DC5-B021-0EDA0AC7B037}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 249 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 209daab2-5cf3-4c8c-b880-486b3b736003
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 248 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2636 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: e975d015-e97e-40c0-9730-db3680dfec96
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 247 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2636 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 26e8a94f-aaba-4ea0-abdd-c3bbce7a83a1
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 246 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2636 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: aae762cd-28a3-417b-9c41-5c2350a975da
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 245 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2024 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 244 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 243 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1128 | 2016 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:49 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {5F7A6828-8AF1-4B4C-A3D6-EF24B271353A}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 242 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {A71A1E9B-2971-4198-A206-F0EDCF3A8BF3}
Rule Name: WinDefend Outbound for HTTP
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 241 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {CCDFA833-E4F7-4DC5-B021-0EDA0AC7B037}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 240 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {0BC41FC5-340D-4712-9682-EAA55F71AF0F}
Rule Name: WinDefend Outbound for HTTPS
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 239 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 26e8a94f-aaba-4ea0-abdd-c3bbce7a83a1
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 238 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: aae762cd-28a3-417b-9c41-5c2350a975da
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 237 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: f79a44f5-14cf-482e-aff7-3d9a2b22de0c
Rule Name: Outbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 236 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: 2b9022a4-1579-46dc-8fc5-3462b632eeba
Rule Name: Inbound service restriction rule for WinDefend
Modifying User: S-1-5-18
Modifying Application: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 235 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:34 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {A71A1E9B-2971-4198-A206-F0EDCF3A8BF3}
Rule Name: WinDefend Outbound for HTTP
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Program Files\Windows Defender\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 234 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 2324 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:32 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {0BC41FC5-340D-4712-9682-EAA55F71AF0F}
Rule Name: WinDefend Outbound for HTTPS
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Program Files\Windows Defender\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 233 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 2324 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:32 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: f79a44f5-14cf-482e-aff7-3d9a2b22de0c
Rule Name: Outbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Program Files\Windows Defender\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 232 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 2324 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:32 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: 2b9022a4-1579-46dc-8fc5-3462b632eeba
Rule Name: Inbound service restriction rule for WinDefend
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Service Name: WinDefend
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Program Files\Windows Defender\MsMpEng.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 231 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 1160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:52:32 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 230 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 2324 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:50:03 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 229 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1124 | 2324 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:50:03 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: Public
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 228 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 2268 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:24:00 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 227 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 2268 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:24:00 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: Private
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 226 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 2268 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:24:00 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Public
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 225 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 2268 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:24:00 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: Public
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 224 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 2268 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:23:57 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 223 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 2268 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:23:57 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {518CDFA4-5492-4D9E-BEAA-908825A4A289}
Adapter Name: ethernet_32770
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 222 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1168 | 1792 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:23:57 AM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {5C5D9A3A-40D7-47B4-B915-59C9831563DF}
Adapter Name: ethernet_32769
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 221 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1132 | 1940 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:06:25 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 220 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1132 | 1940 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:06:25 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {CB3094AC-8861-495D-BE6B-846489AE6932}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 219 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {B35B9870-C88F-467C-8DC7-CB0F50A3AEA4}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 218 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {77301AB6-2044-4D7C-A335-15C4489415DC}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 217 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {B0FA2EF8-0B26-4922-BD96-F74807F22A29}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 216 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {764B89A5-D753-4F4E-B457-B265CC72DE15}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 215 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {505B78CC-577C-40BD-90F4-8C0293278B5F}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 214 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {F74CD4EB-7B5F-4EDC-B113-6D8AE70C4EEC}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 213 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2D0ACCFA-F1F4-4CBC-BBCE-450607A21E50}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 212 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {653FC29A-0973-422D-8242-D00BCC27AB62}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 211 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {2A7E7446-6C18-4197-BBCC-E6FB7929AEC3}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 210 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {E41AAE10-2277-49D3-AAA1-8B281A8888D3}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 209 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {193D8F15-4095-47B8-8292-9C87793905D3}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 208 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {4B83510C-E084-4669-8937-1F10D9AD5013}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 207 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {97A37C7E-88F8-4E9C-A507-DD02E63F4B1E}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 206 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {BF2D0261-3D6D-483A-92DE-9AE1C13008F9}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 205 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {F693ECF9-F6DB-45A3-974F-5F2B073DECCE}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 204 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {4851B067-6F3F-414B-952A-D2138ABC0766}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 203 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {5AD7B3E9-C09F-4D73-AF84-2550987AAFC8}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 202 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {3B095D3D-D5ED-4BBF-9FCF-42D10F9DFFD1}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.1715_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 201 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {69DA3531-99F1-43A8-B721-1152F65EA59D}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.1715_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 200 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {64209185-1974-4588-A9DF-8B34EA97115C}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.1715_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 199 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {63081CF2-5E43-4437-9BEF-82D5C453D926}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.1715_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 198 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {93542257-3E04-4FDF-8A51-67508426BB05}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 197 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {CF541764-FE50-4C9A-9235-EB7A35343918}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 196 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {73A52268-3D67-41C8-A723-00FA33F941D3}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 195 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {4CE4A496-C599-46BE-A16F-AF8BB6B822C1}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 194 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {C1AEAE62-8E0D-4246-A834-F91D5BF0FD0B}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.1715_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 193 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {620B7DFF-1145-4749-A8D0-9198237B995E}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.1715_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 192 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {4025FC0E-D001-4BFC-9734-E179F1B1E4CE}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.1715_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 191 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {84D01BA8-466B-4D01-A6F5-574A2369829F}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.1715_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 190 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {238E4CA6-B725-41A4-9FF2-432A85BBB160}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 189 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {8ADFBCF1-8C67-4223-9283-6174738FB668}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 188 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {65AC96F9-3956-4084-BB6E-E6692AF4E627}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 187 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {6C39590F-BDFB-4D36-9C00-4E72CBE9A91A}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 186 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:09 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2AE02A67-E65E-4200-822C-2DF13D07008C}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: Allow
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 185 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {B8402103-9D15-4AEB-BFF8-D51AFED2A37A}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 184 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {A3897471-B7BB-4218-B99D-152C37703934}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 183 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {FD23BCC2-6530-4BC6-833F-F80B023B87D9}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 182 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {5BEDB103-3A1C-43C9-813C-EE9D13816EEC}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 181 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {805769D8-AD2A-4234-BEB5-0E95CE86C996}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 180 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {9BD42870-C7E7-4602-8F65-F917526706ED}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 179 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {0EFD6560-481E-4648-9B92-E9C76EE8CBCF}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 178 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {EF1E7C9B-6749-4B11-B0CB-D191631FE584}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 177 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {417EDD02-EEB6-414B-8538-75DB13153A47}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 176 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {2DFFD664-9C57-438D-9026-48B1A800289E}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 175 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {204F3C3D-F16B-47B2-808B-7BCC2550CCC0}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 174 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {0CA8AC29-3194-45B8-8E8F-ABA26F4D55F8}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 173 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {BA6E2771-B005-4F26-A655-CD081DDA367B}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 172 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {2819ACCE-5C76-46DF-BC13-7F0BC6257E3D}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 171 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {DFD93463-0749-4B57-9BC7-6139358D92B5}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 170 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {65AB2302-1369-4AB8-ACC6-E08D005EABD3}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 169 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {CDC8D6B2-A11A-4FE0-92FA-95816264C0C9}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 168 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {F4E11968-5572-4AFB-B578-AF789ADC333D}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 167 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: {FB0B2B11-DB4D-4995-9773-4ED86B862621}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 166 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:08 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-QWave-Out-TCP-PlayToScope
Rule Name: Cast to Device functionality (qWave-TCP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Qwave
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 165 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:03 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-QWave-Out-TCP-PlayToScope
Rule Name: Cast to Device functionality (qWave-TCP-Out)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 164 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:03 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-QWave-In-TCP-PlayToScope
Rule Name: Cast to Device functionality (qWave-TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Qwave
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 163 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-QWave-In-TCP-PlayToScope
Rule Name: Cast to Device functionality (qWave-TCP-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 162 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-QWave-Out-UDP-PlayToScope
Rule Name: Cast to Device functionality (qWave-UDP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Qwave
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 161 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-QWave-Out-UDP-PlayToScope
Rule Name: Cast to Device functionality (qWave-UDP-Out)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 160 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-QWave-In-UDP-PlayToScope
Rule Name: Cast to Device functionality (qWave-UDP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Qwave
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 159 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-QWave-In-UDP-PlayToScope
Rule Name: Cast to Device functionality (qWave-UDP-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 158 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-UPnP-Events-PlayToScope
Rule Name: Cast to Device UPnP Events (TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 157 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-UPnP-Events-PlayToScope
Rule Name: Cast to Device UPnP Events (TCP-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 156 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-SSDP-Discovery-PlayToScope
Rule Name: Cast to Device SSDP Discovery (UDP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 155 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-SSDP-Discovery-PlayToScope
Rule Name: Cast to Device SSDP Discovery (UDP-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 154 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-In-RTSP-PlayToScope
Rule Name: Cast to Device streaming server (RTSP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 153 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-In-RTSP-PlayToScope
Rule Name: Cast to Device streaming server (RTSP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 152 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-In-RTSP-LocalSubnetScope
Rule Name: Cast to Device streaming server (RTSP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 151 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-In-RTSP-LocalSubnetScope
Rule Name: Cast to Device streaming server (RTSP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 150 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-In-RTSP-NoScope
Rule Name: Cast to Device streaming server (RTSP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 149 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-In-RTSP-NoScope
Rule Name: Cast to Device streaming server (RTSP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 148 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-Out-UDP-PlayToScope
Rule Name: Cast to Device streaming server (RTP-Streaming-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 147 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-Out-UDP-PlayToScope
Rule Name: Cast to Device streaming server (RTP-Streaming-Out)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 146 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-Out-UDP-LocalSubnetScope
Rule Name: Cast to Device streaming server (RTP-Streaming-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 145 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-Out-UDP-LocalSubnetScope
Rule Name: Cast to Device streaming server (RTP-Streaming-Out)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 144 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-Out-UDP-NoScope
Rule Name: Cast to Device streaming server (RTP-Streaming-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 143 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-Out-UDP-NoScope
Rule Name: Cast to Device streaming server (RTP-Streaming-Out)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 142 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-In-UDP-PlayToScope
Rule Name: Cast to Device streaming server (RTCP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 141 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-In-UDP-PlayToScope
Rule Name: Cast to Device streaming server (RTCP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 140 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-In-UDP-LocalSubnetScope
Rule Name: Cast to Device streaming server (RTCP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 139 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-In-UDP-LocalSubnetScope
Rule Name: Cast to Device streaming server (RTCP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 138 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-In-UDP-NoScope
Rule Name: Cast to Device streaming server (RTCP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: C:\windows\system32\mdeserver.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 137 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-In-UDP-NoScope
Rule Name: Cast to Device streaming server (RTCP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 136 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-HTTPSTR-In-TCP-PlayToScope
Rule Name: Cast to Device streaming server (HTTP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 135 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-HTTPSTR-In-TCP-PlayToScope
Rule Name: Cast to Device streaming server (HTTP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 134 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-HTTPSTR-In-TCP-LocalSubnetScope
Rule Name: Cast to Device streaming server (HTTP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 133 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-HTTPSTR-In-TCP-LocalSubnetScope
Rule Name: Cast to Device streaming server (HTTP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 132 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: PlayTo-HTTPSTR-In-TCP-NoScope
Rule Name: Cast to Device streaming server (HTTP-Streaming-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 131 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: PlayTo-HTTPSTR-In-TCP-NoScope
Rule Name: Cast to Device streaming server (HTTP-Streaming-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 130 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: DIAL-Protocol-Server-HTTPSTR-In-TCP-LocalSubnetScope
Rule Name: DIAL protocol server (HTTP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 129 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: DIAL-Protocol-Server-HTTPSTR-In-TCP-LocalSubnetScope
Rule Name: DIAL protocol server (HTTP-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 128 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: DIAL-Protocol-Server-In-TCP-NoScope
Rule Name: DIAL protocol server (HTTP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 127 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been deleted in the Windows Firewall exception list.
Deleted Rule:
Rule ID: DIAL-Protocol-Server-In-TCP-NoScope
Rule Name: DIAL protocol server (HTTP-In)
Modifying User: S-1-5-18
Modifying Application: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe | 2006 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 126 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2508 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:02 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {5C5D9A3A-40D7-47B4-B915-59C9831563DF}
Adapter Name: ethernet_32769
Old Profile: None
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 125 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:42:11 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 124 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1144 | 2032 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:42:11 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {B1E97310-BB6E-4B55-B5B1-6B766D91D36A}
Rule Name: Network Discovery (UPnP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 123 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {B1E97310-BB6E-4B55-B5B1-6B766D91D36A}
Rule Name: Network Discovery (UPnP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 122 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-UPnPHost-In-TCP
Rule Name: Network Discovery (UPnP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 121 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {7750FA10-395C-44EF-BE9C-D5D82F654706}
Rule Name: Network Discovery (UPnP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 120 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {7750FA10-395C-44EF-BE9C-D5D82F654706}
Rule Name: Network Discovery (UPnP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 119 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-UPnPHost-Out-TCP
Rule Name: Network Discovery (UPnP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 118 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {3B31650A-60C7-4C0B-A230-E235278A52E1}
Rule Name: Network Discovery (NB-Name-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 117 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {3B31650A-60C7-4C0B-A230-E235278A52E1}
Rule Name: Network Discovery (NB-Name-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 116 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-NB_Name-In-UDP
Rule Name: Network Discovery (NB-Name-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 115 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {066FF1BD-6B86-43FB-AB41-D2DF57630FA8}
Rule Name: Network Discovery (NB-Name-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 114 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {066FF1BD-6B86-43FB-AB41-D2DF57630FA8}
Rule Name: Network Discovery (NB-Name-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 113 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-NB_Name-Out-UDP
Rule Name: Network Discovery (NB-Name-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 112 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {30E47A54-DC24-40D6-A494-9404010A6B51}
Rule Name: Network Discovery (NB-Datagram-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 111 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {30E47A54-DC24-40D6-A494-9404010A6B51}
Rule Name: Network Discovery (NB-Datagram-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 110 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-NB_Datagram-In-UDP
Rule Name: Network Discovery (NB-Datagram-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 109 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {409F30DB-318B-4222-ADDC-125FC15D7190}
Rule Name: Network Discovery (NB-Datagram-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 108 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {409F30DB-318B-4222-ADDC-125FC15D7190}
Rule Name: Network Discovery (NB-Datagram-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 107 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-NB_Datagram-Out-UDP
Rule Name: Network Discovery (NB-Datagram-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 106 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {6FFD73AC-D05F-49C2-B858-8F3817CABDAB}
Rule Name: Network Discovery (WSD EventsSecure-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 105 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {6FFD73AC-D05F-49C2-B858-8F3817CABDAB}
Rule Name: Network Discovery (WSD EventsSecure-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 104 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-WSDEVNTS-In-TCP
Rule Name: Network Discovery (WSD EventsSecure-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 103 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {6E03575D-C2C1-418B-A5D3-6E3739DB3FE4}
Rule Name: Network Discovery (WSD EventsSecure-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 102 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {6E03575D-C2C1-418B-A5D3-6E3739DB3FE4}
Rule Name: Network Discovery (WSD EventsSecure-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 101 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-WSDEVNTS-Out-TCP
Rule Name: Network Discovery (WSD EventsSecure-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 100 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {05FDF61F-6C90-4E57-846B-4D4366A1909E}
Rule Name: Network Discovery (WSD Events-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 99 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {05FDF61F-6C90-4E57-846B-4D4366A1909E}
Rule Name: Network Discovery (WSD Events-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 98 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-WSDEVNT-In-TCP
Rule Name: Network Discovery (WSD Events-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 97 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {029B39FA-7E81-4F2E-9773-5C5ABF8D032A}
Rule Name: Network Discovery (WSD Events-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 96 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {029B39FA-7E81-4F2E-9773-5C5ABF8D032A}
Rule Name: Network Discovery (WSD Events-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 95 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-WSDEVNT-Out-TCP
Rule Name: Network Discovery (WSD Events-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: System
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 94 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {E620F9FC-137E-422E-AD8A-9096B60E0E6D}
Rule Name: Network Discovery (SSDP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 93 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {E620F9FC-137E-422E-AD8A-9096B60E0E6D}
Rule Name: Network Discovery (SSDP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 92 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-SSDPSrv-In-UDP
Rule Name: Network Discovery (SSDP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 91 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {D3B17E7B-977B-481D-B5AB-3FC5F7499831}
Rule Name: Network Discovery (SSDP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 90 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {D3B17E7B-977B-481D-B5AB-3FC5F7499831}
Rule Name: Network Discovery (SSDP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 89 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-SSDPSrv-Out-UDP
Rule Name: Network Discovery (SSDP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: Ssdpsrv
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 88 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {F1E10B69-52AE-47FB-912C-E88D225BCF4C}
Rule Name: Network Discovery (UPnPHost-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: upnphost
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 87 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {F1E10B69-52AE-47FB-912C-E88D225BCF4C}
Rule Name: Network Discovery (UPnPHost-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: upnphost
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 86 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-UPnP-Out-TCP
Rule Name: Network Discovery (UPnPHost-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: upnphost
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 85 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {72722162-3FFC-441B-AF76-7DD9E058FD36}
Rule Name: Network Discovery (WSD-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdphost
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 84 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {72722162-3FFC-441B-AF76-7DD9E058FD36}
Rule Name: Network Discovery (WSD-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdphost
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 83 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-FDPHOST-In-UDP
Rule Name: Network Discovery (WSD-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdphost
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 82 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {2D8BBE74-0F39-43A5-B62C-3BB8230DDE87}
Rule Name: Network Discovery (WSD-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdphost
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 81 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2D8BBE74-0F39-43A5-B62C-3BB8230DDE87}
Rule Name: Network Discovery (WSD-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdphost
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 80 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-FDPHOST-Out-UDP
Rule Name: Network Discovery (WSD-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdphost
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 79 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {223E99E2-2C3E-45A1-A341-47747159BDA2}
Rule Name: Network Discovery (LLMNR-UDP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 78 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {223E99E2-2C3E-45A1-A341-47747159BDA2}
Rule Name: Network Discovery (LLMNR-UDP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 77 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-LLMNR-In-UDP
Rule Name: Network Discovery (LLMNR-UDP-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 76 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {A35ED67B-11D3-4517-A61D-9CD1D30849A2}
Rule Name: Network Discovery (LLMNR-UDP-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 75 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {A35ED67B-11D3-4517-A61D-9CD1D30849A2}
Rule Name: Network Discovery (LLMNR-UDP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 74 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-LLMNR-Out-UDP
Rule Name: Network Discovery (LLMNR-UDP-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: dnscache
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 73 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {BAAFA7B6-983B-435B-9CCB-435799A5B068}
Rule Name: Network Discovery (Pub-WSD-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdrespub
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 72 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {BAAFA7B6-983B-435B-9CCB-435799A5B068}
Rule Name: Network Discovery (Pub-WSD-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdrespub
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 71 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-FDRESPUB-WSD-In-UDP
Rule Name: Network Discovery (Pub-WSD-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdrespub
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 70 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {F7164B50-2139-44D2-B051-BFA4BE89BDD7}
Rule Name: Network Discovery (Pub WSD-Out)
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdrespub
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 69 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {F7164B50-2139-44D2-B051-BFA4BE89BDD7}
Rule Name: Network Discovery (Pub WSD-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Private
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdrespub
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 68 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: NETDIS-FDRESPUB-WSD-Out-UDP
Rule Name: Network Discovery (Pub WSD-Out)
Origin: Local
Active: No
Direction: Outbound
Profiles: Public, Domain
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: fdrespub
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-21-416071247-492812682-1642729393-500
Modifying Application: C:\Windows\System32\dllhost.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 67 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {5C5D9A3A-40D7-47B4-B915-59C9831563DF}
Adapter Name: ethernet_32769
Old Profile: Public
New Profile: Private | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 66 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A Windows Firewall setting has changed.
New Setting:
Type: Current Profile
Value: Private
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: | 2002 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 65 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 5244 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:32 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {FF1604B0-5CC0-4172-A459-064CFEBC1D00}
Rule Name: @{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 64 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2AEA5FEC-948E-4073-A817-B4529F067E54}
Rule Name: @{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 63 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {AED739AD-56D2-4C5A-9496-51ED64F9AC5E}
Rule Name: @{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 62 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {751CED8B-CB68-401B-929F-EB19A9F71352}
Rule Name: @{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 61 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {08213DB8-8A63-4970-AF51-D3EEE9AA8449}
Rule Name: SecondaryTileExperience
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 60 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {E429642D-F142-4E42-AAFD-50F34058913C}
Rule Name: SecondaryTileExperience
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 59 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {0C16665F-B49A-4CA4-B6BE-E8D13ADCEE8B}
Rule Name: @{Microsoft.Windows.AssignedAccessLockApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 58 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {C6EA76A6-CE2D-4E64-A279-4414063BC329}
Rule Name: @{Microsoft.Windows.AssignedAccessLockApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 57 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {C2736314-31F1-45EB-ADDB-0638221DF379}
Rule Name: @{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 56 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {84BA67CB-E075-4F42-A80B-7DEF7BCBA439}
Rule Name: @{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 55 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {822EA08F-2189-4E0A-8846-F2112DBC6900}
Rule Name: @{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 54 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {5430322C-7D09-42B9-A9DC-CE4283134947}
Rule Name: @{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 53 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {6B6EAC12-DCCC-4503-8FC7-E38C695E5C2D}
Rule Name: @{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 52 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {456A6D19-7854-4AA7-AB22-A7797A83DC7A}
Rule Name: @{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 51 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {9D04FF9F-8B51-43C1-AC16-0FDC43873F21}
Rule Name: @{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 50 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {0311F3F6-1B4A-492F-8814-DC4722E9E551}
Rule Name: @{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 49 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {238E4CA6-B725-41A4-9FF2-432A85BBB160}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 48 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {6C39590F-BDFB-4D36-9C00-4E72CBE9A91A}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 47 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {65AC96F9-3956-4084-BB6E-E6692AF4E627}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 46 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {8ADFBCF1-8C67-4223-9283-6174738FB668}
Rule Name: @{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 45 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:15 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {204F3C3D-F16B-47B2-808B-7BCC2550CCC0}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: Allow
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 44 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2DFFD664-9C57-438D-9026-48B1A800289E}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 43 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {FB0B2B11-DB4D-4995-9773-4ED86B862621}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 42 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {F4E11968-5572-4AFB-B578-AF789ADC333D}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 41 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {CDC8D6B2-A11A-4FE0-92FA-95816264C0C9}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 40 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {65AB2302-1369-4AB8-ACC6-E08D005EABD3}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 39 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {DFD93463-0749-4B57-9BC7-6139358D92B5}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 38 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2819ACCE-5C76-46DF-BC13-7F0BC6257E3D}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 37 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {BA6E2771-B005-4F26-A655-CD081DDA367B}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 36 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {0CA8AC29-3194-45B8-8E8F-ABA26F4D55F8}
Rule Name: @{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 35 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {93542257-3E04-4FDF-8A51-67508426BB05}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 34 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {4CE4A496-C599-46BE-A16F-AF8BB6B822C1}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 33 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {73A52268-3D67-41C8-A723-00FA33F941D3}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 32 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {CF541764-FE50-4C9A-9235-EB7A35343918}
Rule Name: @{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 31 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 2340 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {E41AAE10-2277-49D3-AAA1-8B281A8888D3}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 30 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {2A7E7446-6C18-4197-BBCC-E6FB7929AEC3}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 29 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {5AD7B3E9-C09F-4D73-AF84-2550987AAFC8}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 28 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {4851B067-6F3F-414B-952A-D2138ABC0766}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 27 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {F693ECF9-F6DB-45A3-974F-5F2B073DECCE}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 26 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {BF2D0261-3D6D-483A-92DE-9AE1C13008F9}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 25 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {97A37C7E-88F8-4E9C-A507-DD02E63F4B1E}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 24 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {4B83510C-E084-4669-8937-1F10D9AD5013}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 23 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {193D8F15-4095-47B8-8292-9C87793905D3}
Rule Name: @{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 22 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1036 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:14 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {1A653432-42B4-4179-9125-3CC27C0F8F04}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 21 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {C45A4A19-5846-4F19-9B4D-95EA3C76983D}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 20 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {195F37F1-1E52-46B0-865C-E0506F43AAC6}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 19 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {127F0350-9928-46E0-BCC8-449E82104B36}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 18 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {01234757-583F-4C6A-B63B-74C4FD9B44B3}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public, Private
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: Require Authentication
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 17 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {320E3551-5D39-48C7-B4D7-F4ED4AFAD3C8}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 16 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {BFEA7B4F-2F36-4D3E-9510-507CC18628AF}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 15 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {30788298-74D6-4D2C-BAA5-FA9301F8D3FD}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 14 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {E6CA3DBF-221B-4873-BBF7-9E6CD5D03234}
Rule Name: @{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 13 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {FD48B40F-75F9-4F00-BE76-16BF92E10A0B}
Rule Name: @{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}
Origin: Local
Active: Yes
Direction: Outbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 12 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {DBFF7259-6A20-4425-AC7B-9628133BD665}
Rule Name: @{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Block
Application Path:
Service Name:
Protocol: Any
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052
Modifying Application: C:\windows\System32\svchost.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 11 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:13 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
Network profile changed on an interface.
Adapter GUID: {5C5D9A3A-40D7-47B4-B915-59C9831563DF}
Adapter Name: ethernet_32769
Old Profile: None
New Profile: Public | 2010 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 10 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 964 | 1064 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:01:59 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {8616FC5B-6B26-4EC9-955A-0762D8E49F41}
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\netsh.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 9 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:37 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {8616FC5B-6B26-4EC9-955A-0762D8E49F41}
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\netsh.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 8 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:37 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-ICMP6-ERQ-In
Rule Name: File and Printer Sharing (Echo Request - ICMPv6-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V6
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\netsh.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 7 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:37 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: {DDA94BA4-DA5D-4F47-8562-5D77B1C60131}
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\netsh.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 6 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:37 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been added to the Windows Firewall exception list.
Added Rule:
Rule ID: {DDA94BA4-DA5D-4F47-8562-5D77B1C60131}
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Public
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\netsh.exe | 2004 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 5 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:37 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: FPS-ICMP4-ERQ-In
Rule Name: File and Printer Sharing (Echo Request - ICMPv4-In)
Origin: Local
Active: No
Direction: Inbound
Profiles: Private,Domain
Action: Allow
Application Path:
Service Name:
Protocol: ICMP V4
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\netsh.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 4 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:37 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: RemoteDesktop-UserMode-In-TCP
Rule Name: Remote Desktop - User Mode (TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: termservice
Protocol: TCP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\rundll32.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 3 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:35 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: RemoteDesktop-UserMode-In-UDP
Rule Name: Remote Desktop - User Mode (UDP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\svchost.exe
Service Name: termservice
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\rundll32.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 2 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:35 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
A rule has been modified in the Windows Firewall exception list.
Modified Rule:
Rule ID: RemoteDesktop-Shadow-In-TCP
Rule Name: Remote Desktop - Shadow (TCP-In)
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Private,Domain, Public
Action: Allow
Application Path: C:\windows\system32\RdpSa.exe
Service Name:
Protocol: TCP
Security Options: None
Edge Traversal: Allow
Modifying User: S-1-5-18
Modifying Application: C:\Windows\System32\rundll32.exe | 2005 | 0 | | 4 | 0 | 0 | -9223369837831520256 | 1 | Microsoft-Windows-Windows Firewall With Advanced Security | d1bc9aff-2abf-4d71-9146-ecb2a986eb85 | Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | 1004 | 2160 | WIN-PD8DQPRRTAO | S-1-5-19 | 1/16/2018 5:01:35 PM | | | microsoft-windows-windows firewall with advanced security/firewall | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |