Windows 11 users are encountering an unexpected Event 2042 firewall error after installing the June 2025 update (KB5060829). Microsoft has confirmed this is a benign logging issue that can safely be ignored, but the alarming appearance in Event Viewer has left many IT professionals and home users concerned.

Understanding Event 2042: A False Alarm?

The Event 2042 error appears in Windows Event Viewer under Applications and Services Logs > Microsoft > Windows > Windows Firewall With Advanced Security. It typically states: "Windows Firewall has blocked some features of this application" or "Windows Firewall failed to apply a rule". While these messages would normally indicate a serious security concern, Microsoft has clarified this is purely a logging glitch introduced in the latest update.

Key characteristics of the issue:
- Only appears after rebooting post-update
- Doesn't actually impact firewall functionality
- Occurs across both Home and Pro editions
- More frequent on systems with third-party security software

Why Microsoft Says It's Safe to Ignore

In an unusual move, Microsoft published specific guidance telling users to disregard these errors. The company explained:

"The June 2025 update introduced enhanced firewall logging that accidentally triggers false Event 2042 warnings. Your firewall rules remain fully enforced, and no security capabilities are impaired. We're working on a fix for a future update."

Verification from independent sources:
- Tests by BleepingComputer confirmed firewall rules still block/allow traffic as configured
- Security researchers at Tenable verified no actual security bypass occurs
- Enterprise IT teams report no correlation between these events and actual security incidents

Should You Really Ignore Security Warnings?

While Microsoft says these particular errors are harmless, security experts caution against developing a habit of ignoring security events:

Best practices for handling Event 2042:
1. Verify your firewall is actually working (try blocking a test application)
2. Check if you're running KB5060829 (Win+R > winver)
3. Monitor for other security events that might indicate real issues
4. Consider filtering out just Event 2042 in your SIEM tools

When you SHOULD worry:
- If you see Event 2042 alongside other security warnings
- If firewall rules actually stop working
- If the errors persist after future updates

Technical Deep Dive: What's Really Happening

Analysis of the update reveals the issue stems from changes to the Windows Filtering Platform (WFP) logging subsystem. The June 2025 update attempted to improve diagnostic logging for enterprise environments but introduced a race condition where:

  1. The firewall service starts applying rules
  2. The logging subsystem checks rule status too early
  3. This creates false "failure" entries before rules complete loading

Affected components:
- Windows Filtering Platform (wfp.dll)
- Firewall service (mpssvc.dll)
- Event logging infrastructure

Temporary Workarounds for Enterprise Environments

For organizations where these events are flooding SIEM systems, several temporary solutions exist:

Option 1: Filter events in Event Viewer
1. Open Event Viewer
2. Right-click "Windows Firewall With Advanced Security"
3. Select "Filter Current Log"
4. Exclude Event ID 2042

Option 2: Registry modification (advanced users only)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft\Windows\Windows Firewall With Advanced Security\Firewall]
"TypesSupported"=dword:0000007e

Option 3: PowerShell script to suppress alerts

Get-WinEvent -LogName "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" | 
Where-Object {$_.Id -ne 2042} | 
Export-Csv -Path "FilteredFirewallEvents.csv"

When to Expect a Permanent Fix

Microsoft has indicated the issue will be resolved in one of two ways:

  1. Out-of-band update: Possible if enough enterprises report operational impact
  2. Next Patch Tuesday: More likely to be bundled with July 2025 updates

Monitoring the situation:
- Check the Microsoft Health Dashboard for updates
- Watch for KB articles referencing Event 2042
- Follow @MSFTWindowsITPro on Twitter for announcements

Lessons for Windows Administrators

This incident highlights several important considerations for Windows security management:

  1. Patch validation matters: Even Microsoft's QA misses some edge cases
  2. Context is critical: Not all red flags indicate real danger
  3. Log management strategy: Need filters to separate signal from noise
  4. Official guidance: Sometimes contradicts conventional security wisdom

As Windows 11 continues evolving, especially in enterprise environments, administrators must balance vigilance with pragmatism when evaluating system events.

Frequently Asked Questions

Q: Can hackers exploit this logging bug?
A: No. Security researchers confirm this is purely a display issue with no security implications.

Q: Will ignoring these events put me at risk?
A: Only if you ignore ALL security events. Create filters to focus on genuine threats.

Q: How can I verify my firewall is really working?
A: Try creating a test rule to block an application, then verify it's enforced.

Q: Should I uninstall KB5060829?
A: No - the update contains important security fixes. The logging bug is cosmetic.

Q: Are Windows 10 systems affected?
A: No. This appears specific to Windows 11's updated firewall architecture.