Audit Policy: Object Access: Filtering Platform Packet DropID: oval:org.secpod.oval:def:18858 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Object Access: Filtering Platform Packet Drop events on success should be enabled or disabled as appropriate.
This policy setting determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform. Windows Filtering Platform (WFP) was introduced in Windows Server 2008 and Windows Vista to enable independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs). A high rate of dropped packets may indicate that there have been attempts to gain unauthorized access to computers on your network.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |