Event ID 4953 - A rule has been ignored by Windows Firewall as it could not be parsed.
|Description||Windows Firewall ignores a firewall rule because it could not parse it.|
|Subcategory||MPSSVC Rule-Level Policy Change|
This log data gives the following information:
|Profile [Type = UnicodeString]||The profile name of the ignored rule.|
|Reason for Rejection [Type = UnicodeString]||The reason for inability to parse the rule.|
|Rule||ID[Type = UnicodeString]: The unique identifier for the ignored firewall rule.
Name[Type = UnicodeString]: The name of the rule which was ignored.
Reasons to monitor this event:
- This event can be a sign of software issues, Windows Firewall registry errors/corruption, or misconfiguration of Group Policy setting. We recommend monitoring this event and investigating the reason for the condition.
- Typically this event indicates configuration issues, not security issues.
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all interactions with Windows Firewall, thus helping you meet your security, compliance, and operational needs with absolute ease.
Event 4953 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 1
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools