Object Access Event: 5152

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Object Access » Object Access Event: 5152

Event ID 5152 – The Windows Filtering Platform blocked a packet.

Event ID 5152
Category Object Access: Filtering Platform Packet Drop
Type Failure Audit

When a network packet is blocked by the Windows Filtering Platform, event 5152 is logged. This event is logged for every received network packet.

This event log contains the following information:

  • Process ID
  • Application Name
  • Direction
  • Source Address
  • Source Port
  • Destination Address
  • Destination Port
  • Protocol
  • Filter Run-Time ID
  • Layer Name
  • Layer Run-Time ID

Why does event ID 5152 need to be monitored?

  • To monitor which applications are reported by this event
  • To check if the applications reported are restricted applications
  • To ensure the Source Address is one of the addresses assigned to the computer
  • To check if Destination Address is an IP address from the Internet, when certain computers and devices are not allowed to have access to the Internet
  • To monitor whether the Destination Addresses are on the list of allowed IP addresses
  • To monitor all inbound connections to a specific local port
  • To ensure the Protocol Number is not anything atypical for the device or computer

Event 5152 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10