| Event Id | 850 |
| Source | Security |
| Description | DESCRIPTION 1: A port was listed as an exception when the Windows Firewall started. Policy origin: Local Policy Profile used:- Interface:- Name:- Port number: 220 Protocol: TCP State: Enabled Scope: All subnets For more information DESCRIPTION 2: Logon attempt by: |
| Event Information | More Information:: This is the result of a security feature introduced by Windows XP Service Pack 2. The operating system will attempt to validate any application that is using a TCP/IP port. Reported applications: - NetBIOS Session Service - protocol TCP/139 - used by NetBIOS and enabled by default - NetBIOS Datagram Service - protocol UDP/138 - used by NetBIOS and enabled by default - NetBIOS Name Service - protocol UDP/137 - used by NetBIOS and enabled by default - SSDP Component of UPnP Framework - protocol UDP/1900 - enabled by default - UPnP Framework over TCP - protocol TCP/2869 - enabled by default - Remote Desktop - protocol TCP/3389 - enabled by default - SMB over TCP - protocol TCP/445 - enabled by default This information from some newsgroups may help you: ------------------------------------------------------------------------------ These messages are being generated as a result of failed login attempts. Its possible that you had auto-login enabled and then changed your password, resulting in XP going to a login prompt to get a valid username/PW.Change the audit policy to discontinue auditing for the successful use of user rights. The person with administrative rights for the computer should make sure the user should have the special privileges assigned. This event may occur if the following conditions exist: 1. A Windows XP-based computer is member of a Microsoft Windows NT 4.0-based domain or of a Microsoft Windows 2000-based domain. 2. You put the roaming profile of a domain user on a Windows NT 4.0-based server. 3. You log on as this user from a Windows XP-based computer. The warning is recorded in the log to notify the administrator that it is possible for the client to cache files from that share. Although you cannot set caching on Windows NT 4.0-based shares, Client Side Caching (CSC) interprets the lack of caching options as manual caching. Therefore, as far as CSC is concerned,the Windows NT 4.0-based share is cacheable. This can permit profiles to be cached. The warning notifies administrators of this issue. It will not cause performance issue. You can ignore this warning. The Windows XP Security Guide v2.0 describes the features and recommended settings for Microsoft Windows XP Service Pack 2 (SP2). The Guide includes thoroughly tested templates for security settings for Windows Firewall, which replaces Internet Connection Firewall (ICF). Information is provided about closing ports, Remote Procedure Call (RPC) communications, memory protection, e-mail handling, Web download controls, spyware controls, and much more. Windows XP is quite secure, it is important to bear in mind the trade-offs that exist between security, usability, and the functionality of the clients in your environment. A thorough understanding of these trade-offs places your organization in a position to strengthen the deployment of Windows XP to include a significantly higher level of security than provided by the default installation. ------------------------------------------------------------------------------ |
| Reference Links | More Information |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.