Question : HELP! "Firewall has detected an application listening for incoming traffic." Event ID# 861 lsass.exe

I just got in some new Dell Optiplexes preinstalled with Win XP Pro SP2. They are identical. I have joined the computers to the domain. The only software they have installed is ISA Firewall client, Symantec AV, Lotus Notes, Adobe Reader, Windows XP, Office 2003. All of those programs work fine. Computers correctly locate the proxy server, update their definitions, talk to the server, launch lotus notes, etc. But on all of them I keep getting this error en-masse. It appears over and over again, filling up the logs. I know its not a trojan or virus, these are brand new machines. I'd like to keep the XP firewall turned on, if possible. Any help is truly appreciated.

Event ID# 861
The Windows Firewall has detected an application listening for incoming traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 700
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 4299
Allowed: No
User notified: No

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Answer : HELP! "Firewall has detected an application listening for incoming traffic." Event ID# 861 lsass.exe

Use a netsh script on each machine:

netsh firewall add allowedprogram LSASS \ C:\WINDOWS\system32\lsass.exe

This will allow lsass.exe outbound, and will get rid of these messages.
Maybe put this in a login script to make things easier?

Random Solutions

Unable to setup dial-up connection

The mirror copies of the FAT do not match. Volume SYS not mounted

Windows Updates & WSUS Remote Laptops

Weblogic 9.2 log file location

Cisco 7970 Configuration

DNS Server cleanup and Update

Enable LMHOSTS Lookup is Unchecking Itself on the WINS Address Tab

XP Pro - Shared Folder Access

QOS for LAN Voip

how to measure one-way trip time over internet?