The Windows Filtering Platform Connection success auditing creates a new security log entry each time the Penetration Patrol Agent makes a local connection. This in turn generates a Penetration Patrol alert. This results in an inordinate volume of logs local to the server and alerts on our Penetration Patrol host and as a result, we do not allow hosts with this option enabled to continue reporting to our host server.
Disabling this option can be done by opening a Command Propt with Administrator privileges and running the below command.
Last updated 10 December 2015, 16:00 GMT