Event ID: 850 Source: Security

A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: <application name>
Port number: <port number>
Protocol: <protocol type>
State: Enabled
Scope: Local subnet only

This event results from a security feature introduced in Windows XP Service Pack 2: the operating system attempts to validate any application that uses a TCP/IP port. Applications reported with this event:
- NetBIOS Session Service - protocol TCP/139 - used by NetBIOS and enabled by default
- NetBIOS Datagram Service - protocol UDP/138 - used by NetBIOS and enabled by default
- NetBIOS Name Service - protocol UDP/137 - used by NetBIOS and enabled by default
- SSDP Component of UPnP Framework - protocol UDP/1900 - enabled by default
- UPnP Framework over TCP - protocol TCP/2869 - enabled by default
- Remote Desktop - protocol TCP/3389 - enabled by default
- SMB over TCP - protocol TCP/445 - enabled by default

See the EventID.Net TCP/IP ports page for more details about a specific protocol.
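The list above can serve as a baseline when reviewing Event 850 records. The following is an added example, not part of the original page: it parses the description text in the layout shown above and reports port exceptions that are not in the listed defaults or whose scope is not "Local subnet only". The function names, the `TCP`/`UDP` protocol strings and the sample messages (including the "All subnets" scope value) are assumptions constructed for illustration.

```python
# Baseline: the default exceptions listed on this page, keyed by (protocol, port).
DEFAULT_EXCEPTIONS = {
    ("TCP", 139): "NetBIOS Session Service",
    ("UDP", 138): "NetBIOS Datagram Service",
    ("UDP", 137): "NetBIOS Name Service",
    ("UDP", 1900): "SSDP Component of UPnP Framework",
    ("TCP", 2869): "UPnP Framework over TCP",
    ("TCP", 3389): "Remote Desktop",
    ("TCP", 445): "SMB over TCP",
}

def parse_event_850(message):
    """Turn the 'Field: value' lines of an Event 850 description into a dict."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # lines without a colon (the summary sentence, blanks) are skipped
            fields[key.strip().lower()] = value.strip()
    return fields

def review_exception(message):
    """Return findings for one event; an empty list means it matches the baseline."""
    f = parse_event_850(message)
    if f.get("state", "").lower() != "enabled":
        return []  # exception is not active
    try:
        port = int(f.get("port number", ""))
    except ValueError:
        return ["unparseable port number: %r" % f.get("port number")]
    proto = f.get("protocol", "").upper()
    findings = []
    if (proto, port) not in DEFAULT_EXCEPTIONS:
        findings.append("non-default exception %s/%d (%s)" % (proto, port, f.get("name", "?")))
    if f.get("scope", "").lower() != "local subnet only":
        findings.append("scope is not local subnet only: %s" % f.get("scope", "?"))
    return findings

# Constructed sample messages (not real log data), in the layout shown above.
TEMPLATE = ("A port was listed as an exception when the Windows Firewall started.\n\n"
            "Policy origin: Local Policy\nProfile used: Standard\n"
            "Interface: All interfaces\nName: {name}\nPort number: {port}\n"
            "Protocol: {proto}\nState: Enabled\nScope: {scope}\n")
SAMPLE_DEFAULT = TEMPLATE.format(name="Remote Desktop", port=3389, proto="TCP", scope="Local subnet only")
SAMPLE_CUSTOM = TEMPLATE.format(name="backup-agent", port=8081, proto="TCP", scope="All subnets")

if __name__ == "__main__":
    for msg in (SAMPLE_DEFAULT, SAMPLE_CUSTOM):
        print(parse_event_850(msg)["name"], "->", review_exception(msg) or "baseline")
```

A match against the baseline only means the exception is one of the defaults listed here; whether those defaults should stay enabled on a given host is a separate policy decision.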
