4958 A firewall rule was not applied because it referred to items not configured on this computer
Written when the Windows Firewall did not apply a rule because the items the rule refers to do not exist on this machine. It indicates a rule gap due to environment differences.
Overview
The subcategory is Audit MPSSVC Rule-Level Policy Change. It is generated when a rule was not applied because the program, service, interface, and so on that it references is not configured on the machine. Among general non-application 4957, it is the case where the cause is “missing reference.”
How it is triggered
- When the executable or service a rule points to is absent on the machine and the rule could not be applied (such as distributing a common GPO to diverse machines).
Security review points
- Non-application due to a missing reference is often normal, caused by environment differences. However, since it creates a situation where a defensively important rule is not in effect on a particular machine, check non-application of important rules.
- When distributing a common rule set, match against the machine’s configuration to judge whether the non-application is expected.
Notes for log review
- It easily occurs legitimately when distributing a common GPO to machines of diverse configurations. Confirm narrowed to non-application of important rules.
- Together with 4957, understand gaps in rule application.
Key fields
| Field | Meaning |
|---|---|
| Unapplied rule | The rule in question |
| Missing referenced item | The absent program/service, etc. |