5035 The Windows Firewall Driver failed to start
Written when the Windows Firewall driver fails to start. It means the filtering functionality does not come up.
Overview
The subcategory is Audit Other System Events. It is generated when the firewall kernel driver fails to start. It is the fault counterpart to successful start 5033.
How it is triggered
- When startup fails due to driver corruption, conflict, dependency problems, and so on.
Security review points
- If the driver does not start, packet filtering is not in effect. Together with service start failure 5030, it creates a state where defenses are inactive, so investigate the cause.
- Also consider the slight possibility of operations aiming to tamper with or disable the driver.
Notes for log review
- It is a rare fault event. Strengthen communication monitoring while it persists, since filtering is not in effect.
- Check whether a successful start 5033 follows.
Key fields
| Field | Meaning |
|---|---|
Error information | The cause of the start failure |