The Windows Filtering Platform Connection success auditing creates a new security log entry each time the Intrusion Detection Agent makes a local connection. This in turn generates a Intrusion Detection alert. This results in an inordinate volume of logs local to the server and alerts on our Intrusion Detection host and as a result, we do not allow hosts with this option enabled to continue reporting to our host server.

Disabling this option can be done by opening a Command Prompt with Administrator privileges and running the below command.

auditpol /set /subcategory:"Filtering Platform Connection" /success:disable

By default our Windows Server Images provided for our Cloud VPSs and Dedicated Servers come with this option already Disabled, this only needs applying if the option has been re-enabled for any reason.