If you are like me, your 125MB Windows Server 2008 R2 logs are jammed with “Event 5156: Windows Filtering Platform has permitted a connection”:
Event 5156: Windows Filtering Platform has permitted a connection
I could not figure out how to disable this because in LOCAL SECURITY POLICY it was greyed out, which I know means it is controlled by a Group Policy:
I was working on the DEFAULT DOMAIN POLICY which was not correcting the problem. The solution was to change the DEFAULT DOMAIN CONTROLLER POLICY > POLICIES > WINDOWS SETTINGS > SECURITY SETTINGS > AUDIT POLICY > AUDIT OBJECT ACCESS settings:
event-5156-The-Windows-Filtering-Platform-has-permitted-a-connection-domain-controller-gp
Windows 11, the latest iteration in the series from Microsoft, is said to be the most advanced and user-oriented. However, encountering errors remains as common, if not more than the previous version. In this article, we will be taking up the Windows Filtering Platform has blocked a connection problem.
The error arises when certain packets or connections are blocked by the Base Filtering Engine. Though the problem may seem intricate to most users, its solutions are rather simple and have been listed out in the following sections.
For those encountering the error in Windows 11, it’s likely that the upgrade didn’t go through successfully and there’s some kind of misrecognition in Windows Firewall.
But, before we head to the fixes, it’s imperative that you understand the role of the Windows Filtering Platform and its main features.
How does the Windows Filtering Platform help developers?
Windows Filtering Platform, a set of system services and API (Application Programming Interface) allows developers to create network filtering applications. It was first introduced in Windows Vista and has been a part of the Windows ecosystem ever since.
It can also be used to build independent firewalls, antivirus, amongst other network-related applications. With this, an application can access and modify packets while these are being processed.
The three main features of the Windows Filtering Platform are as follows:
- Base Filter Engine
- Generic Filter Engine
- Callout Modules
Now that you are fairly acquainted with the concept, let’s head to the most effective fixes for the Windows Filtering Platform has blocked a connection problem in Windows 11.
How can I fix the Windows Filtering Platform has blocked a connection error in Windows 11?
1. Disable the Firewall
- Press Windows + S to launch the Search menu. Enter Windows Defender Firewall in the text field at top and click on the relevant search result that appears.
- Next, click on Turn Windows Defender Firewall on or off from the list of options on the left.
- Tick the checkboxes for Turn off Windows Defender Firewall (not recommended) under both Private network settings and Public network settings, and click on OK at the bottom to save the changes.
After making the changes, restart the system and check if the Windows Filtering Platform has blocked a connection problem is eliminated in Windows 11. If not, head to the fix listed next.
2. Run DISM tool
- Press Windows + S to launch the Search menu. Enter Windows Terminal in the text field at the top, right-click on the relevant search result and select Run as administrator from the context menu.
- Click Yes on the UAC (User Account Control) prompt that pops up.
- Click on the downward-facing arrow at the top and select Command Prompt from the list of options. Alternatively, you can hit the Ctrl + Shift + 2 to launch Command Prompt in a new tab in Windows Terminal.
- Next, paste the following command and hit Enter to execute it:
DISM/Online /Cleanup-image /Scanhealth
- Finally, execute the following command:
DISM/Online /Cleanup-image /Restorehealth
3. Perform a quick SFC scan
- Press Windows + R to launch the Run command. Enter wt in the text field, press and hold the Ctrl + Shift keys, and then either click on OK or hit Enter to launch an elevated Windows Terminal.
- Click Yes on the UAC (User Account Control) prompt.
- Click on the downward arrow and select Command Prompt from the menu that appears.
- Next, type/paste the following command and hit Enter to run the SFC scan:
sfc /scannow
The SFC (System File Checker) scan is used to identify corrupt system files, and if any are found, replace them with their cached copy stored on the system. So, if it’s the corrupt system files that are causing the Windows Filtering Platform has blocked a connection problem in Windows 11, running the SFC scan should fix it.
After executing the command, wait for the scan to complete, then restart the computer and check if the problem is eliminated. If the issue still persists, you can try using a third-party repair app that has more advanced features.
4. Restart Windows Security Center
- Press Windows + R to launch the Run command. Enter services.msc in the text field, and either click on OK or hit Enter to launch the Services app.
- Locate and double-click on the Windows Defender Firewall service.
- Check if the Service status reads Running.
- If not, click on the Start button under Service status to run the service.
- Next, press Windows + S to launch the Search menu. Enter Windows Terminal in the text field, right-click on the relevant search result that appears, and select Run as administrator from the context menu.
- Click Yes on the UAC (User Account Control) prompt that appears.
- Next, execute the following command and then restart the PC:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
- After the computer restarts, paste the following command and hit Enter:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 0 /t REG_DWORD /f
Once done, again restart the computer and check if the Windows Filtering Platform has blocked a connection problem is fixed in Windows 11.
5. Disable your antivirus
NOTE
We have listed the steps to disable the built-in Windows Security app. In case you are using a third-party antivirus, check its settings or head to the FAQ section on the manufacturer’s website for the steps to disable it.
- Press Windows + S to launch the Search menu. Enter Windows Security in the text field at the top, and then click on the relevant search result that appears.
- Click on Virus & threat protection.
- Click on Manage settings under Virus & threat protection settings.
- Next, click on the toggle under Real-time protection to disable the antivirus.
- Lastly, click Yes on the UAC (User Account Control) prompt that pops up.
Oftentimes, the antivirus is known to conflict with the network settings and lead to a bunch of errors. This the generally the case with third-party antiviruses but the built-in Windows Security is also sometimes found to be the culprit.
Hence if the above fixes haven’t worked, you can try disabling the antivirus and check if the Windows Filtering Platform has blocked a connection problem is eliminated in Windows 11.
In case the error persists, uninstall the third-party antivirus app and verify if that changes the situation. Also, check out our curated list of the best antivirus software for Windows 11.
6. Create a new local account
In many cases, it was a corruption in the user account that led to the Windows Filtering Platform has blocked a connection problem. If that’s the case, and the above methods have fixed it, you can create a new local account on your Windows 11 PC.
While there is a lot of debate around whether you should go for a Microsoft account or a Local one, the latter should be a better choice here since it’s not linked to any servers and can be used independently on the device.
Once you have created a new local account, the error should not be present in the Event Viewer anymore.
Which is better, Windows 11 or Windows 10?
With Windows 11 finally launched, most have been nothing but excited to get their hands on the latest iteration. But, a lot of users have been skeptical of the upgrade owing to various factors.
The primary reason is that they are accustomed to Windows 10 and it will take some time to get familiar with the new OS. But, that’s not a good enough reason since Windows 11 offers both a slightly better user interface along with a bunch of other features and security enhancements, meant to improve your experience.
If you too are confused between the two, go through our guide where we compare Windows 11 and Windows 10.
That’s all there is to the Windows Filtering Platform has blocked a connection problem in Windows 11 along with the most relevant fixes for it.
In case the methods listed above do not eliminate the Windows Filtering Platform has blocked a packet error, you can either perform a system restore or reset Windows 11 to its factory settings.
Tell us which fix worked and your thoughts on the whole Windows 11 vs Windows 10 debate in the comments section below.
Kazim Ali Alvi
Windows Hardware Expert
Kazim has always been fond of technology, be it scrolling through the settings on his iPhone, Android device, or Windows PC. He’s specialized in hardware devices, always ready to remove a screw or two to find out the real cause of a problem.
Long-time Windows user, Kazim is ready to provide a solution for your every software & hardware error on Windows 11, Windows 10 and any previous iteration. He’s also one of our experts in Networking & Security.
Did you know that Windows Server 2008 and 2008 R2, as well as Vista can pump out just as many audit logs as your standard hardware firewall. I can understand some audit trails for file access and user account changes but every single TCP and UPD connection is a little over considering windows is already logging this in the firewall log. If your tracking down security issue on you network and you have an SIM trying to correlate all these logs then most of these additional logs are just noise.
There are a couple of ways of dealing with this little issue, the one machine at a time or the GPO. For me the Group Policy option is a must as I don;t have time to go through every server and every workstation that might have these audit logs turned on. The main one I want to focus on is called the “Audit Filtering Platform Connection”
After much searching on the internet I found a pretty good blog that pointed me in the right direction:
computer configuration –> policies –> windows settings –> security settings –> advanced audit policy configuration –> audit policies –> object access. Then double-click “Audit Filtering Platform Connection” and check only the box next to “configure the following audit events.” DO NOT CLICK THE OTHER TWO BOXES. Repeat for “Audit Filtering Platform Packet Drop”
For the one system solution use these command line options:
auditpol /set /subcategory:”Filtering Platform Packet Drop” /success:disable /failure:disable
auditpol /set /subcategory:”Filtering Platform Connection” /success:disable /failure:disable
References:
http://msdn.microsoft.com/en-us/library/bb309058(VS.85).aspx
http://actualreverend.blogspot.com/2010/11/windows-auditing-can-be-annoying-shut.html
I have seen more number of logs with the Event ID 5156 while working with File System Auditing where this event is being repeatedly logged on my server 2008 R2 machine.
See the event in this picture
After I have analyzed for the reason of Event ID 5156 is being repeatedly logged, found the below solutions to stop the Event ID 5156 from being logged continuously
Event ID 5156 should occur if the Success or Failure audit was enabled for Filtering Platform Connection in Advanced Audit Policy Configuration setting which is available from Windows 2008 R2 and later versions.
Category: Object Access
Subcategory: Filtering Platform Connection
You will get the following Event IDs if the Filtering Platform Connection is enabled.
5031 – The Windows Firewall Service blocked an application from accepting incoming connections on the network.
5154 – The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
5155 – The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
5156 – The Windows Filtering Platform has allowed a connection
5157 – The Windows Filtering Platform has blocked a connection
5158 – The Windows Filtering Platform has permitted a bind to a local port.
5159 -The Windows Filtering Platform has blocked a bind to a local port.
We should disable the audit policy setting Filtering Platform Connection in Advanced Audit Policy Configuration to stop this event. We can do it in the following ways.
Possible Solution: 1- using Auditpol exe
If you would like to get rid of this Filtering Platform Connection event 5156 then you need to run the following commands in an elevated command prompt (Run As Administrator):
Auditpol /set /subcategory:”Filtering Platform Connection” /Success:disable
Then update gpo by this command
gpupdate /force
Possible Solution: 2 – using Local Security Policy
You can also disable Filtering Platform Connection in Advanced Audit Policy Configuration of Local Security Policy.
1. Press the key Windows + R
2. Type command secpol.msc, click OK
3. Then go to the node Advanced Audit Policy Configuration->Object Access.
4. Check the audit setting Audit Filtering Platform Connection If it is configured as Success, you can revert it Not Configured and Apply the setting.
Possible Solution: 3 – using Group Policy Object
If the setting is inherited from any other GPO to Local Security Policy,You need to edit the specific GPO which is configured with the setting Audit Filtering Platform Connection. You can find the GPO by running Resultant Set of Policy.
1. Press the key Windows + R
2. Type command rsop.msc, click OK.
3. Now you can the below result window. Then go to the node Computer Configuration ->Windows Settings ->Local Polices-> Audit Policy.
4. Now, you can see the Source GPO of the setting Audit Object Access which is the root Setting for Audit Filtering Platform Connection.
5. Then you can edit the Audit Filtering Platform Connection of corresponding GPO by running GPMC.msc command through Run window or command window.
Note:You need run the command GPUpdate /force after every changes to apply group policy to system immediately.
Morgan
Software Developer
Disable Nuisance Warnings about Windows Filtering Platform
Disable Nuisance Warnings About «Windows Filtering Platform» so that you don’t see this in your windows event logs: «
The Windows Filtering Platform has blocked a packet.
1) open cmd.exe as Administrator, then paste this cmd in:
auditpol /set /subcategory:»Filtering Platform Packet Drop» /success:disable /failure:disable
Popular posts from this blog
Microsoft Visio 2010 Premium Product Keys
Visio KMS client key from Microsoft You can use these with AutoKMS tool such as Office Toolkit 2.4.9 (office 2010/2013) which will re-arm them once every 180 days. So you are always in the grace period. At the bottom of this page are keys for Visio 2019. If you are here to figure out how to get a free copy of Visio activated on your computer, without paying Microsoft for it, then God or Allah will judge you later for your sins. Your soul will be sent to the underworld to be tormented by Satan for these sins. Please pay for your software! Visio Standard 2010 767HD-QGMWX-8QTDB-9G3R2-KHFGJ Visio Professional 2010 7MCW8-VRQVK-G677T-PDJCM-Q8TCP Visio Premium 2010 D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ Keys from our Russian friends. you can only install with these keys, you cannot activate. ========================================================================= Visio Premium 2010: ========================================================================= C383V-HPHM…
Configure Shoretel Voicemail Notifications to your email inbox using a free SMTP relay
Configure Your Shoretel Voicemail Server to Send Voicemails As Wave Files to your inbox How Can SocketLabs Help You Setup a Free SMTP Relay Socketlabs is a free and paid service that can allow you to send 2000 free SMTP message relays every month from your verified domain. But first you need a real domain with it’s own email accounts and a professional looking website on top of that, plus you need to look like a legitimate business with contact numbers and email addresses. It is not for spammers, hackers, phreakers, or junk mail junkies. Once you are ready, you create a free account at SocketLabs.com then allow the admins to verify your email and your web presence. Once that’s done, you get your credentials for their free SMTP relay that you can use in your IIS SMTP gateway to send free emails from your voicemail appliances, and your other IOT things that need to send email out, but cannot authenticate. Many devices cannot authenticate to SMTP servers such as Shoretel…
Microsoft Office365 Authentification Methods Settings
How to Add NewAuthentification Methods to Office365 Using this link. https://entra.microsoft.com/#view/Microsoft_AAD_IAM/PasswordResetMenuBlade/~/AuthenticationMethods User Admin Center https://entra.microsoft.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers/menuId/ Password Reset Methods https://entra.microsoft.com/#view/Microsoft_AAD_IAM/PasswordResetMenuBlade/~/Properties/fromNav/ Entra Admin Center https://entra.microsoft.com/#view/Microsoft_AAD_IAM/EntraDashboard.ReactView