1 <!-- OSSEC Rules for Windows Firewall - https://support.microsoft.com/en-us/help/977519/description-of-security-events-in-windows-7-and-in-windows-server-2008 -->
3 <group name="windows,firewall,">
5 <rule id="53631" level="3">
8 <description>Windows Firewall Service has started successfully</description>
9 <group>windows_firewall</group>
12 <rule id="53632" level="8">
13 <if_sid>18104</if_sid>
15 <description>Windows Firewall Service has been stopped</description>
16 <group>windows_firewall</group>
19 <rule id="53633" level="4">
20 <if_sid>18104</if_sid>
22 <description>Windows Firewall Service was unable to retrieve the security policy from the local storage. Windows Firewall will continue to enforce the current policy</description>
23 <group>windows_firewall</group>
26 <rule id="53634" level="4">
27 <if_sid>18104</if_sid>
29 <description>Windows Firewall was unable to parse the new security policy. Windows Firewall will continue to enforce the current policy</description>
30 <group>windows_firewall</group>
33 <rule id="53635" level="4">
34 <if_sid>18104</if_sid>
36 <description>The Windows Firewall service failed to initialize the driver. Windows Firewall will continue to enforce the current policy</description>
37 <group>windows_firewall</group>
40 <rule id="53636" level="8">
41 <if_sid>18104</if_sid>
43 <description>Windows Firewall Service failed to start</description>
44 <group>windows_firewall</group>
47 <rule id="53637" level="2">
48 <if_sid>18105</if_sid>
50 <description>Windows Firewall Service blocked an application from accepting incoming connections on the network</description>
51 <group>windows_firewall</group>
54 <rule id="53638" level="2">
55 <if_sid>18105</if_sid>
57 <description>Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network</description>
58 <group>windows_firewall</group>
61 <rule id="53639" level="3">
62 <if_sid>18104</if_sid>
64 <description>Windows Firewall Driver started successfully</description>
65 <group>windows_firewall</group>
68 <rule id="53640" level="8">
69 <if_sid>18104</if_sid>
71 <description>Windows Firewall Driver was stopped</description>
72 <group>windows_firewall</group>
75 <rule id="53641" level="8">
76 <if_sid>18105</if_sid>
78 <description>Windows Firewall Driver failed to start</description>
79 <group>windows_firewall</group>
82 <rule id="53642" level="8">
83 <if_sid>18105</if_sid>
85 <description>Windows Firewall Driver detected a critical runtime error, terminating</description>
86 <group>windows_firewall</group>
89 <rule id="53643" level="8">
90 <if_sid>18104</if_sid>
92 <description>A rule was added to Windows Firewall exception list</description>
93 <group>windows_firewall</group>
96 <rule id="53644" level="8">
97 <if_sid>18104</if_sid>
99 <description>A rule was modified from Windows Firewall exception list</description>
100 <group>windows_firewall</group>
103 <rule id="53645" level="8">
104 <if_sid>18104</if_sid>
106 <description>A rule was deleted from Windows Firewall exception list</description>
107 <group>windows_firewall</group>
110 <rule id="53646" level="8">
111 <if_sid>18104</if_sid>
113 <description>Windows Firewall settings were restored to the default values</description>
114 <group>windows_firewall</group>
117 <rule id="53647" level="8">
118 <if_sid>18104</if_sid>
120 <description>A Windows Firewall setting was changed</description>
121 <group>windows_firewall</group>
124 <rule id="53648" level="8">
125 <if_sid>18105</if_sid>
127 <description>Windows Firewall ignored a rule because its major version number is not recognized.</description>
128 <group>windows_firewall</group>
131 <rule id="53649" level="8">
132 <if_sid>18105</if_sid>
134 <description>Windows Firewall ignored parts of a rule because its minor version number is not recognized. Other parts of the rule will be enforced</description>
135 <group>windows_firewall</group>
138 <rule id="53650" level="8">
139 <if_sid>18105</if_sid>
141 <description>Windows Firewall ignored a rule because it could not be parsed</description>
142 <group>windows_firewall</group>
145 <rule id="53651" level="8">
146 <if_sid>18104</if_sid>
148 <description>Group Policy settings for Windows Firewall were changed, and the new settings were applied</description>
149 <group>windows_firewall</group>
152 <rule id="53652" level="8">
153 <if_sid>18104</if_sid>
155 <description>Windows Firewall changed the active profile</description>
156 <group>windows_firewall</group>
159 <rule id="53653" level="8">
160 <if_sid>18105</if_sid>
162 <description>Windows Firewall did not apply some rules</description>
163 <group>windows_firewall</group>
166 <rule id="53654" level="8">
167 <if_sid>18105</if_sid>
169 <description>Windows Firewall did not apply some rules because the rule referred to items not configured on this computer</description>
170 <group>windows_firewall</group>