Alex E.
asked on
Skype Event id 5156 Windows 2008 R2
We have Skype Events id 5156 of audit success in our Windows 2008 R2 each second or each minute. What could be the reason for so many Events id 5156 of Skype? Is there a way to avoid Skype to post so many Events id 5156 on the Event Viewer without damaging works correctly ? Because is not comfortable be filled of garbage each second. This is the example of the Event id where xxx.xxx.xxx.xxx is our static IP:
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 5772
Application Name: \device\harddiskvolume1\pr
Network Information:
Direction: Outbound
Source Address: xxx.xxx.xxx.xxx
Source Port: 12936
Destination Address: 157.56.52.35
Destination Port: 40030
Protocol: 17
Filter Information:
Filter Run-Time ID: 215063
Layer Name: Connect
Layer Run-Time ID: 48
Sometimes there are events of audit failed but never stops posting.
Thank you
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 5772
Application Name: \device\harddiskvolume1\pr
Network Information:
Direction: Outbound
Source Address: xxx.xxx.xxx.xxx
Source Port: 12936
Destination Address: 157.56.52.35
Destination Port: 40030
Protocol: 17
Filter Information:
Filter Run-Time ID: 215063
Layer Name: Connect
Layer Run-Time ID: 48
Sometimes there are events of audit failed but never stops posting.
Thank you
ASKER
Ok I understand is not bad but is there a way to get rid off of this events? We ask because sometimes we need to monitor Event viewer for other things and like there are thousands of other that kind of events is impossible take a look there.
With get rid off I mean to just remove Skype.exe to be audited the rest of the system is ok just Skype.exe is the issue and filter just for Skype to pos Event id 5156 or 5157 would be wonderful. Any ideas?
Thank you
With get rid off I mean to just remove Skype.exe to be audited the rest of the system is ok just Skype.exe is the issue and filter just for Skype to pos Event id 5156 or 5157 would be wonderful. Any ideas?
Thank you
Do you use Windows Firewall?
ASKER
Yes we use of course but we don't want to block the Skype just that events id 5156 and 5157 for Skype only from event viewer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you
Link
So it is a normal behavior and you need not to worry. Event ID 5156 means that the Firewall is allowing a connection to host.