| Event Id | 615 |
| Source | Security |
| Description | IPSec Services failed to get the complete list of network
interfaces on the match.This will be a potential security hazard to the
machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. or IPSec Services: PAStore Engine polled for changes to the active IPSec policy and detected no changes. or IPSec Services: PAStore Engine applied local registry storage IPSec policy "policy" on the machine. or IPSec Services: Successfully opened IKE ports (Port number) in the Windows Firewall. or IPSec Services: IPSec Services has started successfully. or IPSec Services: IPSec Services has shut down successfully. Stopping IPSec Services can be a potential security hazard to the machine. |
| Event Information | Cause : This event is logged when group policy object's IPSecurity policy had been modified on a computer. This is Common events logged for IPSEC Services.Description changes depending on the operation performed. IPSec Services: PAStore Engine polled for changes to the active IPSec policy and detected no changes. This description is generated when no changes detected to active IPSec policy while polling. IPSec Services: PAStore Engine applied local registry storage IPSec policy "policy" on the machine. This is logged when local registry storage IPSec policy applied by PAStore Engine.Description contains policy information. IPSec Services: Successfully opened IKE ports (Port number) in the Windows Firewall. This is logged when IPSEC Service opens ports in windows firewall.Description contains port information. IPSec Services: IPSec Services has started successfully. This is logged when IPSec Services started. IPSec Services: IPSec Services has shut down successfully. Stopping IPSec Services can be a potential security hazard to the machine. This event is logged when IPSEC service Stopped --------------------------------------------------------------------------------------------- According to News Group: This event appeared only once on Windows 2003 SP1. It was on a computer that had been restored from an image of another computer from another domain and was not connected to the network. --------------------------------------------------------------------------------------------- Here is an information from a Microsoft person: This is security policy being re-applied, and should occur at 5min intervals on DCs and 16hr intervals on other Windows 2000 machines. In some scenario this message can commonly occur when a network interface is not connected to a live network, while the IPsec policy engine initializes. If you have not configured IPsec, then the policy engine is not doing anything anyway, so it does not in that case make any difference. |
| Reference Links | How To Configure IPSec Tunneling in Windows Server 2003 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.