The Windows Filtering Platform Connection success auditing creates a new security log entry each time the Intrusion Detection Agent makes a local connection. This in turn generates a Intrusion Detection alert. This results in an inordinate volume of logs local to the server and alerts on our Intrusion Detection host and as a result, we do not allow hosts with this option enabled to continue reporting to our host server.
Disabling this option can be done by opening a Command Propt with Administrator privileges and running the below command.
Last updated 18 July 2019, 08:11 GMT