Windows 10: Microsoft auditing security logs getting generated automatically for Filtering platform...

Discus and support Microsoft auditing security logs getting generated automatically for Filtering platform... in AntiVirus, Firewalls and System Security to solve the problem; Microsoft auditing security logs getting generated automatically and getting full, user can't login and administrator login required. Kindly help in... Discussion in 'AntiVirus, Firewalls and System Security' started by Petric Rodrigues, Feb 17, 2025.

  1. PETRIC RODRIGUES
    Petric Rodrigues Win User

    Microsoft auditing security logs getting generated automatically for Filtering platform...


    Microsoft auditing security logs getting generated automatically and getting full, user can't login and administrator login required. Kindly help in resolving this issue.

    :)
     
    Petric Rodrigues, Feb 17, 2025
    #1
  2. RAMESH SRINIVASAN (IA)
    Ramesh Srinivasan (IA) Win User

    I have a lot of events in "Event Viewer -> Windows Logs -> Security", thousands per minute. Should I do something about them?

    Hi TudorRr,

    I'm Ramesh, here to answer your query at the Microsoft Community.

    The event ID 5156 entries are caused by your antivirus or firewall software enabling the auditing of Filtering Platform Connection. None of the processes you mentioned, svchost.exe, searchapp.exe, and msedge.exe, are the root cause, but your AV or Firewall software is.

    Please try turning off the auditing of WFP entries using the auditpol command, as specified in the following article.

    Disable “Filtering Platform Connection” (Event ID 5156, 5158) Security Logging » Winhelponline:

    https://www.winhelponline.com/blog/disable-filt...

    The article talks about Malwarebytes, but the procedure to disable WFP auditing is the same.

    Note:

    Before proceeding, backup your security policy settings by running this command from admin Command Prompt:

    auditpol /backup /file:C:\auditpolicy.csv

    Once done, follow the method in the linked article above to disable WFP audit logging.

    Note: If the WFP auditing is reenabled automatically after a reboot, your antivirus or firewall may be doing it. In that case, inspect the settings in your antivirus and firewall programs.
     
    Ramesh Srinivasan (IA), Feb 17, 2025
    #2
  3. DTG1
    DTG1 Win User
    Need help creating a custom view for audit logging.

    Yes it is. - - - Updated - - -
    Yes the Audit Successes is under Security in the Logs section of the Event Viewer. I assumed it was very obvious by the second screen shot (Log Name: Security). The goal as I said is to stop recording the audits, not just filter them. let me fix this ..
    Exactly, I doi screen the log every so often and this is one entry that I really dont need, Plex is only used by me so not open to public use hidden safely behind a firewall, or two. *Nerd
     
    DTG1, Feb 17, 2025
    #3
  4. PEEG
    Peeg Win User

    Microsoft auditing security logs getting generated automatically for Filtering platform...

    windows 8.1 is executing winsat.exe automatically even though its disabled in task scheduler.

    windows 8.1 is executing winsat.exe automatically even though its disabled in task scheduler. When Checking event viewer security logs it tells me someone logged into my computer even though I was already logged in but idle and executed winsat.exe. Is this normal or is someone logging into my computer remotely? I have multiple logins and special logins in my Log and logoffs when i did not logoff.

    Audit Success 6/29/2014 5:29:03 PM Microsoft Windows security auditing. 4616 Security State Change
    Audit Success 6/29/2014 5:03:25 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 5:03:25 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:13:16 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:13:16 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:03:54 PM Microsoft Windows security auditing. 4634 Logoff
    Audit Success 6/29/2014 2:03:54 PM Microsoft Windows security auditing. 4634 Logoff
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:18 PM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:15 PM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 2:00:07 PM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 2:00:06 PM Microsoft Windows security auditing. 4647 Logoff
    Audit Success 6/29/2014 12:55:51 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:55:51 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:43:02 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 12:16:13 PM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 12:16:13 PM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:20:53 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:20:53 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:19:04 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:19:04 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:09:04 AM Microsoft Windows security auditing. 6406 Other System Events
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:59 AM Microsoft Windows security auditing. 4797 User Account Management
    Audit Success 6/29/2014 11:07:57 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:57 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:56 AM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 11:07:50 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:50 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:48 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:48 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:45 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:45 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:45 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 5024 Other System Events
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 5033 Other System Events
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:44 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4648 Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4672 Special Logon
    Audit Success 6/29/2014 11:07:42 AM Microsoft Windows security auditing. 4624 Logon
     
    Peeg, Feb 17, 2025
    #4
Thema:

Microsoft auditing security logs getting generated automatically for Filtering platform...

Loading...

  1. Microsoft auditing security logs getting generated automatically for Filtering platform... - Similar Threads - Microsoft auditing security

  2. Event 4625, Audit Failure Microsoft Windows Security Auditing

    in Windows 10 Software and Apps
    Event 4625, Audit Failure Microsoft Windows Security Auditing: Help, i got a blackscreen and then after i check event viewer, this what i gotAn account failed to log on.Subject: Security ID: SYSTEM Account Name: DESKTOP-PU3FI1A$ Account Domain: WORKGROUP Logon ID: 0x3E7Logon Type: 2Account For Which Logon Failed: Security ID: NULL SID...

  3. Event 4625, Audit Failure Microsoft Windows Security Auditing

    in Windows 10 BSOD Crashes and Debugging
    Event 4625, Audit Failure Microsoft Windows Security Auditing: Help, i got a blackscreen and then after i check event viewer, this what i gotAn account failed to log on.Subject: Security ID: SYSTEM Account Name: DESKTOP-PU3FI1A$ Account Domain: WORKGROUP Logon ID: 0x3E7Logon Type: 2Account For Which Logon Failed: Security ID: NULL SID...

  4. Audit Failure Windows Filtering Platform has blocked connection - Application:...

    in Windows 10 Software and Apps
    Audit Failure Windows Filtering Platform has blocked connection - Application:...: I keep getting this Audit Failure alert in Windows Security Log. How can I fix this?Log Name: SecuritySource: Microsoft-Windows-Security-AuditingDate: 2023-12-06 9:35:41 AMEvent ID: 5157Task Category: Filtering Platform ConnectionLevel:...

  5. Audit Failure Windows Filtering Platform has blocked connection - Application:...

    in Windows 10 Gaming
    Audit Failure Windows Filtering Platform has blocked connection - Application:...: I keep getting this Audit Failure alert in Windows Security Log. How can I fix this?Log Name: SecuritySource: Microsoft-Windows-Security-AuditingDate: 2023-12-06 9:35:41 AMEvent ID: 5157Task Category: Filtering Platform ConnectionLevel:...

  6. Audit logs

    in Windows 10 Customization
    Audit logs: I have my various logs set via group policy. I would like to verify that I am actually getting the logs. If action has not happened. I would like to figure out how to generate that particular log setting. Ex: I want to generate Event ID 4727,2735,4737,4754,4758,and 4764....

  7. Microsoft Windows security auditing.

    in AntiVirus, Firewalls and System Security
    Microsoft Windows security auditing.: So recently I have been getting weird background noises/notifications and I found out that they have been coming from the event viewer. I checked the security logs and many of the logs say someone has logged in or created special privellages to a new logon. I was wondering...

  8. Microsoft Security Auditing Issue

    in Windows 10 Support
    Microsoft Security Auditing Issue: I hope someone can help me fix this issue i'm having. I ended up discovering that under my event viewer under the security tab, my computer has been logging tons of "audit success", source being "Microsoft Windows Security Auditing". It can generate easily 5 per minute and...

  9. Security Log Audit Failures 5127

    in Windows 10 Network and Sharing
    Security Log Audit Failures 5127: Access Denied or to whom ever can shed some light on this issue, Here we go, a little more information on what is going on with this one machine on my home network. I have restarted all the services. In a previous post I uninstalled all the Google sync stuff which fixed the...

  10. Turning on security audit logs for folders/Alsofiles

    in Windows 10 Support
    Turning on security audit logs for folders/Alsofiles: Recently I lost an entire folder full of folders and files and as of right now I still don't know what happened. I have re-created the folder and starting re-adding the files in it but I'd like to turn on auditing for the folder, to include all objects in the folder. I've...