
Easiest way to suppress all Windows Filtering Platform events

SanibelJack

Good day,
The Windows Filtering Platform is filling up my allotted monthly data storage, and I would like to filter this out. Is there an easier way other than clicking "suppress" on the thousands of alerts?

Thanks


Answers

  • I believe this was a feature that someone at MS decided was cool to add in Windows Server 2008 and Windows 8, if I remember right. It was a real PITA at the time. It just filled the logs with every single network connection made to and from a system.

    Probably not a bad idea in general, but Windows is overly chatty on the network side. Windows likes to try to find every other Windows computer on every network it can find for some reason. Mostly Master Browser elections and queries.

    Your best bet is to disable the audit success events on every server at a minimum. I usually use auditpol on the command line, but you can also do it from the policies MMC, although I seem to remember something not being as granular on the policy MMC.

    Here is an article about doing it that is pretty straightforward.



    SanibelJack
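
The auditpol approach suggested in the answer above, as an added example that is not taken from the thread or the linked article. It assumes the noisy events come from the two Windows Filtering Platform audit subcategories, "Filtering Platform Connection" and "Filtering Platform Packet Drop", which the thread does not name; they are addressed by GUID so the script does not depend on the display language.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: the events to silence belong to the two WFP audit subcategories below.
$wfpSubcategories = [ordered]@{
    # Event IDs 5156 (connection permitted) and 5158 (bind permitted) are
    # success events in this subcategory.
    'Filtering Platform Connection'  = '{0CCE9226-69AE-11D9-BED3-505054503030}'
    'Filtering Platform Packet Drop' = '{0CCE9225-69AE-11D9-BED3-505054503030}'
}

function Get-AuditSetting([string]$Guid) {
    # /r prints the setting as CSV; drop blank lines before parsing.
    auditpol /get "/subcategory:$Guid" /r |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv
}

foreach ($name in $wfpSubcategories.Keys) {
    $guid = $wfpSubcategories[$name]

    Write-Host "== $name =="
    Write-Host 'Before:'
    Get-AuditSetting $guid | Format-List | Out-Host

    # Only the success flag is changed. Failure auditing keeps whatever
    # value it already had, so blocked-traffic events are not affected.
    auditpol /set "/subcategory:$guid" /success:disable | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "auditpol failed for $name (exit code $LASTEXITCODE). Is the prompt elevated?"
        continue
    }

    Write-Host 'After:'
    Get-AuditSetting $guid | Format-List | Out-Host
}
```

If these subcategories are configured through Group Policy, the policy reapplies its own value at the next refresh, so the same change has to be made in the GPO.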