Windows Server Event: 4953

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows Server Event: 4953

Event ID 4953 - A rule has been ignored by Windows Firewall as it could not be parsed.

Description Windows Firewall ignores a firewall rule because it could not parse it.
Category Policy change
Subcategory MPSSVC Rule-Level Policy Change

This log data gives the following information:

Profile [Type = UnicodeString] The profile name of the ignored rule.
Reason for Rejection [Type = UnicodeString] The reason for inability to parse the rule.
Rule ID[Type = UnicodeString]: The unique identifier for the ignored firewall rule.
Name[Type = UnicodeString]: The name of the rule which was ignored.

Reasons to monitor this event:

  • This event can be a sign of software issues, Windows Firewall registry errors/corruption, or misconfiguration of Group Policy setting. We recommend monitoring this event and investigating the reason for the condition.
  • Typically this event indicates configuration issues, not security issues.

Pro tip:

With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all interactions with Windows Firewall, thus helping you meet your security, compliance, and operational needs with absolute ease.

Event 4953 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 1