The Windows Firewall logs events with ID 861 pertaining to eventsentry_svc.exe every time the service starts and throughout its runtime. The events usually mention UDP ports in the 1000-4000 range. Why is EventSentry listening on UDP ports?

Article ID: 148
Category: Security
Created: 2007-08-20

The EventSentry service uses Microsoft's LDAP library to resolve GUIDs from Active Directory at startup and during runtime. The port number will vary on different machines and might change during runtime.

The Microsoft LDAP library opens both a TCP and a UDP connection when it initializes and connects to the nearest domain controller.

There are no security implications related to this message if the host you are running EventSentry on is up to date with the latest security patches.

You can safely ignore this message.