Event log fills up with Failure Audit events (XP-Pro)
Posted by Bo Berglund on March 22nd, 2008


My Event log continuously fills up with failure audit events of this
type:

The Windows Firewall has detected an application listening for
incoming traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 1312
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 3562
Allowed: No
User notified: No

The strange thing is that I am behind a firewall so Windows Firewall
is set to OFF....
How can Windows Firewall log events if it is OFF?????

And how can I get rid of this nuisance?
I am running a fully up to date Symantec Corporate antivirus on this
PC.


Bo Berglund

Posted by Shenan Stanley on March 22nd, 2008


Bo Berglund wrote:
http://www.eventid.net/display.asp?e...ri ty&phase=1

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



Posted by Bo Berglund on March 25th, 2008


On Sat, 22 Mar 2008 08:06:01 -0500, "Shenan Stanley"
<newshelper@gmail.com> wrote:

I noticed that even if Windows Firewall is set to off it seems to be
active anyway. So I stopped the service and set it for manual start.
Now I don't get nearly as many log entries, but I still have a fair
amount of unuseful entries, like:

A new process has been created:
New Process ID: 4908
Image File Name: C:\Engineering\Projects\Bosse\MailCheck\MailCheck.exe
Creator Process ID: 240
User Name: Bosse
Domain: MYDOMAIN
Logon ID: (0x0,0x1ACAD)


And then after the program exits:

A process has exited:
Process ID: 4908
Image File Name: C:\Engineering\Projects\Bosse\MailCheck\MailCheck.exe
User Name: Bosse
Domain: MYDOMAIN
Logon ID: (0x0,0x1ACAD)

What is the purpose of logging these items?
Again the event log fills up with non-usable entries.
It would have been useful if failures were logged, but why log normal
activity?

And how can I reduce this?



Bo Berglund