5028 The Windows Firewall Service was unable to parse the new security policy
Logged when the Windows Firewall Service cannot parse a new security policy. The service continues to enforce the current policy.
Overview
The subcategory is Audit Other System Events. It is generated when parsing of a new policy fails. The service does not stop; it keeps the policy already in effect.
How it is triggered
- When a newly distributed policy cannot be parsed because its format is malformed or corrupt.
Security review points
- Because the new policy cannot be parsed and the old one is kept, the intended latest settings may not be in effect. Consider inconsistencies in policy distribution (GPO, etc.) or tampering that disrupts parsing as possible causes.
- Review this event together with retrieval failure 5027 and start failure 5030 to confirm the application state of the firewall configuration.
Notes for log review
- This is a rare fault event. When it occurs, check the format of the distributed policy and the current enforcement state.
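
The review steps above (correlating 5028 with 5027 and 5030, then checking the current enforcement state) can be scripted. The following is an added example, not part of the original page; the 7-day look-back and 10-minute correlation window are assumptions, and it must run in an elevated session to read the Security log.

```powershell
# Added example: triage Event ID 5028 on the local host.
# Assumptions: 7-day look-back, 10-minute correlation window.
$since  = (Get-Date).AddDays(-7)
$window = New-TimeSpan -Minutes 10
$labels = @{ 5027 = 'retrieval failure'; 5028 = 'parse failure'; 5030 = 'start failure' }

# Collect all three firewall policy failure events in one query.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 5027, 5028, 5030; StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated)

$report = foreach ($e in ($events | Where-Object Id -eq 5028)) {
    # Retrieval or start failures logged close in time to this parse failure.
    $related = @($events | Where-Object {
        $_.Id -ne 5028 -and
        [math]::Abs(($_.TimeCreated - $e.TimeCreated).TotalSeconds) -le $window.TotalSeconds
    })
    # Read the event data generically from the XML; no field names are assumed.
    $xml  = [xml]$e.ToXml()
    $data = @($xml.Event.EventData.Data | Where-Object { $_ } |
        ForEach-Object { "$($_.Name)=$($_.'#text')" }) -join '; '
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Computer    = $e.MachineName
        EventData   = $data
        Related     = ($related | ForEach-Object { "$($_.Id) ($($labels[$_.Id]))" }) -join ', '
    }
}

if ($report) { $report | Format-List | Out-Host }
else { 'No 5028 events in the look-back window.' | Out-Host }

# Current enforcement state, to compare against the intended policy.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize | Out-Host
```

A 5028 with related 5027 or 5030 entries suggests a broader policy load problem rather than a single malformed policy.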
Key fields
| Field | Meaning |
|---|---|
| Error information | The cause of the parse failure |