Event ID 855 – A Windows Firewall ICMP setting has changed.
ICMP stands for Internet Control Message Protocol. When the ICMP settings of Windows Firewall are changed, event ID 855 is logged by Windows. Such a change is usually instituted by an administrator or a group policy refresh.This event describes which settings have been enabled and which have been disabled.
This log data provides the following information:
- Policy Origin
- Profile Changed
- New Settings
- Old Settings
Why does event ID 855 need to be monitored?
- To check if the settings defined for the Windows Firewall are in line with the established standard settings
- To monitor all changes made locally to Windows Firewall settings
ADAudit Plus helps you avoid the GPOs monitoring complexities with real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. TThe advanced Group Policy settings real-time audit reports highlight the elusive change details, and also provide the old and new values of the modified attributes.
Event 855 applies to the following operating systems:
- Windows 2003 and XP
Corresponding event ID in Windows 2008 and Windows Vista is 4950.