5029 The Windows Firewall Service failed to initialize the driver
Written when the Windows Firewall Service failed to initialize the driver. The service continues enforcing the current policy.
Overview
The subcategory is Audit Other System Events. It is generated when initialization of the driver the firewall depends on (the filtering platform driver) fails. The service does not stop; it keeps the current policy.
How it is triggered
- When driver load/initialization fails (corruption, conflict, dependent-service problems, and so on).
Security review points
- A driver initialization failure indicates that part of the filtering functionality may not work correctly. Since it can lead to malfunction of the firewall or network filtering, investigate the cause.
- Also consider the slight possibility of operations aiming to tamper with or disable the driver, and check related driver loads and service state.
Notes for log review
- It is a rare fault event. When it occurs, check the state of the driver and dependent services and the health of the filtering functionality.
Key fields
| Field | Meaning |
|---|---|
Error information | The cause of the initialization failure |