4952 Parts of a rule were ignored because its minor version number was not recognized

Written when a firewall rule’s minor version could not be recognized and parts of the rule were ignored. The difference from 4951 is that the remaining parts are enforced.

Overview

The subcategory is Audit MPSSVC Rule-Level Policy Change. It is generated when a rule’s minor version is not recognized and parts of it are ignored. Unlike 4951 where the whole rule is ignored, the recognized parts are still applied.

How it is triggered

When a minor-version-mismatched firewall rule is partially ignored.

Security review points

Part of a rule being ignored means the intended control may not be fully in effect. Check especially whether defensively relevant conditions (scope, port, etc.) were ignored.
It is mostly compatibility-induced. Review version consistency in rule distribution.

Notes for log review

It can occur due to version differences. Check which parts were ignored.
Assess rule-application health together with 4951/4953.

Key fields

Field	Meaning
Partially-ignored rule	The rule in question

References

Microsoft Learn: 4952(F) Parts of a rule have been ignored because its minor version number was not recognized.