Audit File Share Event 5140 S, F: A network share object was accessed. Audit Security System Extension Event 4610 S: An authentication package has been loaded by the Local Security Authority. Event 4704 S: A user right was assigned. Creating your account only takes a few minutes. http://juicecoms.com/event-id/event-id-5152-windows-filtering-platform.html
Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted. Event 4779 S: A session was disconnected from a Window Station. Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid. Event 5632 S, F: A request was made to authenticate to a wireless network.
Event 4697 S: A service was installed in the system. Event 4931 S, F: An Active Directory replica destination naming context was modified. Event 5035 F: The Windows Firewall Driver failed to start. Event 4781 S: The name of an account was changed.
Level Keywords Audit Success, Audit Failure, Classic, Connection etc. And why would my anti-virus software cause so many of these events? Event 4985 S: The state of a transaction has changed. Event Id 5152 Marked as answer by Cloud_TSModerator Wednesday, June 29, 2011 1:11 AM Monday, June 20, 2011 10:12 AM Reply | Quote Moderator 2 Sign in to vote This didn't really answer the
Event 5137 S: A directory service object was created. Disable The Filtering Platform Connection Audit Policy Event 4674 S, F: An operation was attempted on a privileged object. Start any other services that were stopped when the HTTP listener adapter was shut down. Event 5059 S, F: Key migration operation.
Event 4615 S: Invalid use of LPC port. Event Id 4656 To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority. Event 5066 S, F: A cryptographic function operation was attempted. Probably due to anti-virus software (SEP 11) Windows 7 IT Pro > Windows 7 Security Question 0 Sign in to vote I noticed event ID 5156 is filling up my event
Audit Audit Policy Change Event 4670 S: Permissions on an object were changed. http://kb.eventtracker.com/evtpass/evtpages/EventId_5158_Microsoft-Windows-Security-Auditing_61459.asp To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):If you convert the hexadecimal value to decimal, you can compare it to The Windows Filtering Platform Has Permitted A Bind To A Local Port Use 'Filter Platform Policy Change - success' to see all inbound and outbound connections to and from your Windows Server or Workstation. Event Id 5156 Event 5062 S: A kernel-mode cryptographic self-test was performed.
EventID 5158 - The Windows Filtering Platform has permitted a bind to a local port. weblink Audit Other Account Management Events Event 4782 S: The password hash an account was accessed. Event 4767 S: A user account was unlocked. Audit IPsec Extended Mode Audit IPsec Main Mode Audit IPsec Quick Mode Audit Logoff Event 4634 S: An account was logged off. Event Id 5145
Event 4694 S, F: Protection of auditable protected data was attempted. Manage Your Profile | Site Feedback Site Feedback x Tell us about your experience... Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process. navigate here Event 6422 S: A device was enabled.
Event 4718 S: System security access was removed from an account. Unique within one Event Source. Event 4661 S, F: A handle to an object was requested.
We appreciate your feedback. Event 4802 S: The screen saver was invoked. Event 4930 S, F: An Active Directory replica source naming context was modified. Event 4866 S: A trusted forest information entry was removed.
Requirements to use AppLocker AppLocker policy use scenarios How AppLocker works Understanding AppLocker rule behavior Understanding AppLocker rule exceptions Understanding AppLocker rule collections Understanding AppLocker allow and deny actions on rules Event 4770 S: A Kerberos service ticket was renewed. Event 6423 S: The installation of this device is forbidden by system policy. http://juicecoms.com/event-id/event-id-1003-office-software-protection-platform-service.html Event 1102 S: The audit log was cleared.
Event 4771 F: Kerberos pre-authentication failed.