Frederick R. Hutchings
XP Pro SP3
Hi,
I am getting a lot of events in the security log with ID 861:
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2009.9.12
Time: 6:15:10 p
User: NT AUTHORITY\NETWORK SERVICE
Computer: COMPUTER01
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1840
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 64697
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2009.9.9
Time: 9:31:23 p
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER01
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1684
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 68
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
The one from NETWORK SERVICE is by far the most prevalent, occurring every 1
to 5 minutes. The one with SYSTEM doesn't happen very often. The ports
appear random. It's always svchost.exe.
Any suggestions as to what it doesn't like, and how to fix it?
Thanks,
Fred
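Added example, not part of the original post: a small Python parser that groups Event ID 861 records like the ones above by account, path, protocol and port range, so that many events on changing ports collapse into one row per listener. The sample text is constructed from the two records in the post, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the two records from the post, trimmed to the fields used here.
SAMPLE = r"""Event Type: Failure Audit
Event ID: 861
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1840
User account: NETWORK SERVICE
IP protocol: UDP
Port number: 64697
Allowed: No
Event Type: Failure Audit
Event ID: 861
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1684
User account: SYSTEM
IP protocol: UDP
Port number: 68
Allowed: No
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")  # "Key: value" lines only

def parse_events(text):
    """Return one dict per Event ID 861 record; a record starts at 'Event Type:'."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # wrapped description text or blank line
        if m.group(1) == "Event Type":
            events.append({})
        if events:
            events[-1][m.group(1)] = m.group(2)
    return [e for e in events if e.get("Event ID") == "861"]

def port_range(port):
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic 49152-65535."""
    return "well-known" if port < 1024 else "registered" if port < 49152 else "dynamic"

def summarize(events):
    """Map (account, path, protocol, port range, allowed) to its sorted distinct ports."""
    groups = defaultdict(set)
    for e in events:
        port = int(e["Port number"])
        key = (e["User account"], e["Path"], e["IP protocol"], port_range(port), e["Allowed"])
        groups[key].add(port)
    return {k: sorted(v) for k, v in groups.items()}
```

Run over a full export of the Security log, each row of `summarize(parse_events(text))` shows one account, binary and protocol combination with every port it was seen listening on.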