Re: Event ID 861

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
• Date: Sun, 13 Sep 2009 01:52:11 -0400

---

See http://lmgtfy.com/?q=event+id+861

Frederick R. Hutchings wrote:

XP Pro SP3

Hi,

I am getting a lot of events in the security log with ID 861:

Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2009.9.12
Time: 6:15:10 p
User: NT AUTHORITY\NETWORK SERVICE
Computer: COMPUTER01
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1840
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 64697
Allowed: No
User notified: No

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2009.9.9
Time: 9:31:23 p
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER01
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1684
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 68
Allowed: No
User notified: No

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


The one from NETWORK SERVICE is by far the most prevalent occurring every 1
to 5 minutes. The one with SYSTEM doesn't happen very often. The ports
appear random. It's always svchost.exe.

Any suggestions as to what it doesn't like, and how to fix it?

Thanks,
Fred

.

---

• Follow-Ups:
  • Re: Event ID 861
    • From: Frederick R. Hutchings

• References:
  • Event ID 861
    • From: Frederick R. Hutchings

• Prev by Date: Re: Virus attack
• Next by Date: Re: Why do I keep getting this errror message when I shut down?
• Previous by thread: Event ID 861
• Next by thread: Re: Event ID 861
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Internet Explorer and Outlook Express problems after standby mode ... > Event Type: Failure Audit ... > Event Source: Security ... > Event Category: Account Logon ... (microsoft.public.windowsxp.perform_maintain) Rogue Workstation? ... I noticed the following entries in the Security log of one of my Windows ... Event Type: Failure Audit ... The logon to account: Administrator ... (microsoft.public.windows.server.active_directory) Re: Help - RPC over http credential issue ... I am showing the following errors in my DC event security log: ... Event Type: Failure Audit ... Logon Failure: ... (microsoft.public.exchange.setup) Re: I am being hacked ... > Event Type: Failure Audit ... > Event Source: Security ... > Logon Failure: ... (microsoft.public.win2000.security) Event ID 861 ... I am getting a lot of events in the security log with ID 861: ... Event Type: Failure Audit ... Event Source: Security ... Event Category: Detailed Tracking ... (microsoft.public.windowsxp.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.general  > 2009-09