[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Skype Event id 5156 Windows 2008 R2

Posted on 2016-09-04
6
Medium Priority
?
88 Views
Last Modified: 2016-09-10
We have Skype Events id 5156 of audit success in our Windows 2008 R2 each second or each minute. What could be the reason for so many Events id 5156 of Skype? Is there a way to avoid Skype to post so many Events id 5156 on the Event Viewer without damaging works correctly ? Because is not comfortable be filled of garbage each second. This is the example of the Event id where xxx.xxx.xxx.xxx is our static IP:

The Windows Filtering Platform has permitted a connection.

Application Information:
      Process ID:            5772
      Application Name:      \device\harddiskvolume1\program files (x86)\skype\phone\skype.exe

Network Information:
      Direction:            Outbound
      Source Address:            xxx.xxx.xxx.xxx
      Source Port:            12936
      Destination Address:      157.56.52.35
      Destination Port:            40030
      Protocol:            17

Filter Information:
      Filter Run-Time ID:      215063
      Layer Name:            Connect
      Layer Run-Time ID:      48


Sometimes there are events of audit failed but never stops posting.

Thank you
0
Comment
Question by:Alex E.
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 18

Expert Comment

by:awawada
ID: 41784108
This is caused because of your Security Auditing policy.

Link

So it is a normal behavior and you need not to worry. Event ID 5156 means that the Firewall is allowing a connection to host.
0
 

Author Comment

by:Alex E.
ID: 41784119
Ok I understand is not bad but is there a way to get rid off of this events? We ask because sometimes we need to monitor Event viewer for other things and like there are thousands of other that kind of events is impossible take a look there.

With get rid off I mean to just remove Skype.exe to be audited the rest of the system is ok just Skype.exe is the issue and filter just for Skype to pos Event id 5156 or 5157 would be wonderful. Any ideas?


Thank you
0
 
LVL 18

Expert Comment

by:awawada
ID: 41784212
Do you use Windows Firewall?
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:Alex E.
ID: 41784648
Yes we use of course but we don't want to block the Skype just that events id 5156 and 5157 for Skype only from event viewer.
0
 

Accepted Solution

by:
Alex E. earned 0 total points
ID: 41785060
We solved but we decided for create a custom view in event viewer and then filter that kind of events via XML like this. In that way the Security events of Windows is untouched and the custom view is the one with the filtering. We post just the final XML just in case to other person helps:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*</Select>
    <Suppress Path="Security">*[System[(EventID=5156)]] and *[EventData[Data[@Name='Application'] and (Data ='\device\harddiskvolume1\program files (x86)\skype\phone\skype.exe')]]</Suppress>
    <Suppress Path="Security">*[System[(EventID=5157)]] and *[EventData[Data[@Name='Application'] and (Data ='\device\harddiskvolume1\program files (x86)\skype\phone\skype.exe')]]</Suppress>
  </Query>
</QueryList>

Open in new window


Thank you anyway
0
 

Author Closing Comment

by:Alex E.
ID: 41792499
Thank you
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out what's been happening in the Experts Exchange community.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question