Event ID 861

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Very frequently I have a security entry in my event logs (show below). THe
help and support link in the event log results in nothing. The error appears
to be related to the Windows Firewall...does anyone know what this is about,
or how to stop it?


Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 3/3/2005
Time: 10:38:48 AM
Computer: <computername>
The Windows Firewall has detected an application listening for incoming

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 1348
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 1352
Allowed: No
User notified: No

For more information, see Help and Support Center at
1 answer Last reply
More about event
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Hi J,

    Just as the post 27753650 Event ID 861 - OUTLOOK11.EXE Firewall issue.
    They are all related to Windows Firewall.

    For your convenience, I'll pasted as following:

    Based on my research, even though Windows XP firewall is "turned off", the
    service is still running. If your security auditing policy includes
    auditing of failures for "audit process tracking", your security event logs
    will be filling up quickly. If you want the events to go away, the only
    solutions I have found so far are to turn off the auditing or to stop the
    Windows Firewall/ICS service.

    To turn off the auditing:

    The Default Domain Policy was configured to push the following changes
    Configuration->Windows Settings->Security Settings->Local Policies/Audit

    Policy Setting
    Audit account logon events Failure
    Audit account management Success, Failure
    Audit directory service access Failure
    Audit logon events Success, Failure
    Audit object access Success, Failure
    Audit policy change Success, Failure
    Audit privilege use Failure
    Audit system events Failure

    I recommended the following changes:

    Policy Setting
    Audit policy change Not Defined
    Audit privilege use Not Defined
    Audit object access Not Defined

    To stop the Windows Firewall/ICS service:

    Go to Start -> Run -> services.msc. Find Windows Firewall in the list,
    double-click on it, set "Startup type" to "Disabled", and press Stop if it
    is running.

    Please take your time in trying the suggestion. If there is anything
    unclear or any other questions about this issue, please feel free to let me
    know. I'm looking forward to your reply.

    Thanks & Regards

    Amanda Wang[MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security


    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

Ask a new question

Read More

Support Event Id Windows XP