4957 Windows Firewall did not apply the following rule
Written when the Windows Firewall did not apply a rule. It indicates that, due to a rule conflict or configuration problem, an intended defense may not be in effect.
Overview
The subcategory is Audit MPSSVC Rule-Level Policy Change. It is generated when the firewall could not apply a rule for some reason. A missing referenced item is recorded separately by 4958.
How it is triggered
- When a rule was not applied due to a rule conflict, missing dependency settings, and so on.
Security review points
- An unapplied rule does not provide the intended control. Check whether an important defensive rule went unapplied.
- It is mostly configuration-induced. However, since it creates a defensive gap, review the content and reason of the unapplied rule.
Notes for log review
- Check the reason for non-application (a missing reference is 4958). Note non-application of important rules.
- Evaluate rule-application health together with the startup listing 4945.
Key fields
| Field | Meaning |
|---|---|
| Unapplied rule | The rule in question |
| Reason | The cause of non-application |