Does anyone know about this Firewall error ??

  • Thread starter Thread starter Paul & Lucy
  • Start date Start date
P

Paul & Lucy

Good afternoon everyone,

I'm a home user, and I notice that I'm getting many of these errors in the
event viewer. I can't find where this error is coming from. Does anyone
know what this is ? All my internet apps (mail, web, chat) seem to work
fine.

"Windows Firewall was unable to notify the user that it blocked an
application from accepting incoming connections on the network. (Error
Code: 2, Event ID: 5032, Source: security-auditing) "

I tried looking up 5032 in Microsoft's error lookup page, but found nothing.

Thanks for any insight you can provide, sincerely,

Paul
 
This happens when a service is blocked from receiving inbound traffic. The
firewall only notifies the user when an interactive program is blocked.

If you open the event and look at the details you will see a Process ID.
That process ID will tell you which process was blocked. You can determine
the name of the process using Task Manager (hit CTRL+SHIFT+ESC to launch it).
There is also a thread ID there. If you are inclined to go debugging you can
use that to figure out more specifically what was blocked. Keep in mind,
however, that process IDs are ephemeral and will change when the process is
restarted.
 
Thanks for the insight Jesper. I did as you suggested. The task manager
shows that the process is called "Isass.exe" which is the "local security
authority process" and is part of the RPC (remote procedure call) process.
The service that are associated with it is something called "CNG Key
Isolation" (KeyIso). Don't know what to do here.

It was also mentioned that this error can come up when the computer doesn't
have enough memory to notify the user.

___________________________________
 
It is actually kind of the other way around. Think of LSASS as the "executive
branch" of security on your computer. It enforces all the rules around
security, including authentication, access checks, etc. It uses RPC for many
of its calls.

I have never heard this may happen when the computer has insufficient
memory, but maybe it could. In this particular case it is most definitely a
service that received data that the firewall blocked. It could be malicious
or benign. Without sniffing to find out you won't know. It can actually be as
simple as LSASS calling into itself (which is quite common) using a network
API. Upon failure it can retry with a local call.

I would not worry about it though. It is quite normal to see these. Over the
last two days I have 29 of these. Most or all are related to LSASS. I have
noticed no stability problems with it, and in any case, there is insufficient
information in the event log message to act on it.

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


Paul & Lucy said:
Thanks for the insight Jesper. I did as you suggested. The task manager
shows that the process is called "Isass.exe" which is the "local security
authority process" and is part of the RPC (remote procedure call) process.
The service that are associated with it is something called "CNG Key
Isolation" (KeyIso). Don't know what to do here.

It was also mentioned that this error can come up when the computer doesn't
have enough memory to notify the user.

___________________________________
 
I'm glad I don't have to worry about it, because it would otherwise one heck
of a problem to crack. I was just going through the event viewer to see
what errors are in there and trying to see which ones are important and
which ones aren't.

Thanks once again,

Paul
__________________________________

Jesper said:
It is actually kind of the other way around. Think of LSASS as the
"executive
branch" of security on your computer. It enforces all the rules around
security, including authentication, access checks, etc. It uses RPC for
many
of its calls.

I have never heard this may happen when the computer has insufficient
memory, but maybe it could. In this particular case it is most definitely
a
service that received data that the firewall blocked. It could be
malicious
or benign. Without sniffing to find out you won't know. It can actually be
as
simple as LSASS calling into itself (which is quite common) using a
network
API. Upon failure it can retry with a local call.

I would not worry about it though. It is quite normal to see these. Over
the
last two days I have 29 of these. Most or all are related to LSASS. I have
noticed no stability problems with it, and in any case, there is
insufficient
information in the event log message to act on it.
 
Just to start out, I KNOW this thread is a year old, but since I have the same problem, I'll bump this, rather than creating a new thread.

I've been looking EVERYWHERE for a solution now, and I am getting desperate...

I get this exact same error in my Event Viewer. However, I wouldn't have bothered with it, unless it actually caused me problems.

The 11th of October I started disconnecting within one hour (5 mins at minimum) from my internet while playing a game I use to play, but the internet reconnects quickly within 10-15 seconds. This is getting really annoying, and I always disconnect from the game I'm playing when this happens.

I've been looking for solutions EVERYWHERE, asked everywhere, and done everything I could... but I have yet to locate the problem. Just to put it out there, I've tried almost everything (and no, it's not my router, modem, connection, stability or any of that, because this only happens on MY computer only, and no other computer on the same network); check this thread where I've written in more details:

http://www.vistaheads.com/forums/mi...295620-disconnecting-every-10-40-minutes.html


I've concluded that this error HAS to be the reason my internet disconnects, because I started getting the logs at the EXACT same date my disconnections started happening; I am now up to 800-900 logs of this same error. It also happens at the same minute my internet disconnection happens.

I've located the process, and just as the person who created this topic, I've found it to be Lsass.exe.

I do not know what to do anymore. This disconnection is bothering me incredibly much, and I'm almost about to give up after 1 and a half week of researching.

Thanks in advance.
 
in message
Just to start out, I KNOW this thread is a year old, but since I have the
same problem, I'll bump this, rather than creating a new thread.

Please note:
This is NOT a chat room and You are NOT posting to a forum run by
Eggheadcafe - you are actually posting to a global Usenet Newsgroup. You
will get a far better experience if you use a newsreader and subscribe to
these groups directly, rather than through Eggheadcafe.

Setting up Outlook Express/Windows Mail to access Microsoft newsgroups
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

Accessing the MS newsgroups in Outlook Express/Windows Mail Newsreader
http://www.microsoft.com/windowsxp/expertzone/newsgroupsetup.mspx

If you must stay with Egghheadcafe then please follow Usenet custom by
quoting the post you are replying to, and replying to the thread.

Thank you.

http://dts-l.net/goodpost.htm
 
Back
Top