No announcements
Found 1503348 threads
-
2 VotesEvent logs filling up with event IDs 5157, 5152, 5156
Event ID 5156 is recorded over 300,000 times every day on my AD DS box.Answered | 3 Replies | 6217 Views | Created by frcountry1 - Thursday, September 10, 2015 3:31 PM | Last reply by JEmlay - Thursday, July 28, 2016 4:01 PM
-
9 Votes
Event ID 5156 filling up event logs.
Hi Event Id 5156 mean windows firewall is allowing a connection to host and to eliminate this pls logs cmd and type the ...Answered | 4 Replies | 80257 Views | Created by red888 - Thursday, June 16, 2011 12:54 PM | Last reply by Syed_Rabbani - Saturday, May 4, 2013 10:22 AM -
0 Votes
Security Event Logs Filling With Removable Storage (4658 & 4663) and Filtering Platform Connection (5156)
New case ...Unanswered | 6 Replies | 1822 Views | Created by ntalbot.work - Thursday, July 23, 2020 9:23 PM | Last reply by Daisy Zhou - Friday, August 7, 2020 7:39 AM -
0 Votes
ACS Filter Out Event 5156 (AdtAdmin.exe /setquery)
If you'd like more information on noise filters plus a whole host of pre-defined filters then you might want to take a look at the noise filter guide from secure ...Answered | 11 Replies | 4719 Views | Created by Hola IT GUY - Wednesday, March 14, 2012 3:59 PM | Last reply by Graham Davies - Thursday, March 15, 2012 8:15 PM -
3 Votes
Windows 10 1809 - Removable storage inspection does not work, the system does not generate 4663 events.
As 4663 event log will recorded if user access sources.Answered | 8 Replies | 1519 Views | Created by Lukasz Handy - Thursday, October 4, 2018 6:24 AM | Last reply by techs uk - Wednesday, May 22, 2019 7:22 AM -
1 Votes
Turn off Filtering Platform Connection and Filtering Platform Packet Drop in logging
You need to remove the space after the colon, like this: auditpol /set /subcategory:”Filtering Platform Packet Drop” /success:disable ...Answered | 6 Replies | 13434 Views | Created by Dave Kallweit - Thursday, August 4, 2016 5:38 PM | Last reply by SonnyZ - Monday, September 18, 2017 5:19 PM -
0 Votes
custom security log for file audit
the registry and content of the windows folder are by default also audited causing already a huge amount of the same event id and source. the Filtering Platform ...Answered | 3 Replies | 3278 Views | Created by royjacobs - Wednesday, May 15, 2013 8:37 AM | Last reply by - Friday, December 6, 2013 8:47 AM -
3 Votes
SCOM monitor for removable devices Windows Server 2012 event ID 4656, 4663 doesn't generate an alert
Change this to: event id "matches regular expression" ^(1234|2345)$ (fill in the events you want ofcourse).Answered | 9 Replies | 782 Views | Created by maxed88 - Tuesday, May 17, 2016 12:03 PM | Last reply by System Center guy - Friday, May 20, 2016 6:56 AM -
0 Votes
Event log filtering for remote connections
>But I'd like to know if there are any further possibilities to search from the results of this filter to find real users (not service accounts etc.) that have connected remotely ...Answered | 1 Replies | 3188 Views | Created by CesarTabares - Tuesday, May 12, 2015 2:56 PM | Last reply by Frank Shen5 - Thursday, May 14, 2015 2:59 AM -
0 Votes
MS-FASP / Port Scanning Prevention Filter / Stealth Mode - Security Event Log Filling/Archiving at a Rapid Pace
Microsoft Firewall and Advanced Security Platform: We have a Windows 2012 Server which has the Firewall enabled and a group policy that enforces failures ...Answered | 1 Replies | 2765 Views | Created by AbeSun - Tuesday, November 10, 2015 8:52 PM | Last reply by Anne He - Monday, November 16, 2015 6:44 AM -
0 Votes
Firewall Security Event Log Empty, file not empty
f=255&MSPPError=-2147217396).Answered | 4 Replies | 1361 Views | Created by mdt109 - Monday, August 8, 2016 3:59 PM | Last reply by mdt109 - Tuesday, August 16, 2016 6:15 PM -
0 Votes
Ghost deletion of files showing Event ID 4663
Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ Event ID 4663 is enough to track the access to ...Answered | 1 Replies | 899 Views | Created by tableauxstudios - Wednesday, March 30, 2016 9:13 PM | Last reply by Alvwan - Thursday, March 31, 2016 5:17 AM -
0 Votes
Event id 4625 got generated in 5 minutes for 300 times
Event 4663 documents actual operations performed against files and other objects.Answered | 1 Replies | 1070 Views | Created by sadanand velechi - Thursday, June 16, 2016 12:26 PM | Last reply by Alvwan - Friday, June 17, 2016 6:11 AM -
0 Votes
Security Event Log Overwriting
I am not sure actually how you can see the percentage filling of the event log.Answered | 5 Replies | 4015 Views | Created by PinPointV - Friday, May 27, 2011 9:57 AM | Last reply by rob1974 - Saturday, May 28, 2011 7:45 AM -
0 Votes
event 4740 not being logged in security events
Uh... let me be clear the problem I am having is I need the event 4740 to be audited and loggedin the security logs.Answered | 9 Replies | 650 Views | Created by F L I B O I - Wednesday, August 10, 2016 7:31 PM | Last reply by Andres parnova - Thursday, August 11, 2016 4:54 AM -
13 Votes
Cannot filter by user in Event Viewer security log
Why, oh why does Microsoft arbitrarily remove features from every product that is upgraded?Answered | 10 Replies | 88329 Views | Created by David M (LePivert) - Monday, December 12, 2011 4:04 PM | Last reply by Shelley Miller - Thursday, February 1, 2018 6:23 PM -
0 Votes
Filter server 2008 Security event logs?
filter via XML to filter the user logon and logoff events by specific attributes in the Event log.Answered | 11 Replies | 21742 Views | Created by Theelk - Wednesday, January 6, 2010 5:26 PM | Last reply by abdxj - Wednesday, January 30, 2013 1:57 AM -
5 Votes
How to filter Event log based on AD User?
We can also place a user name into the query and extract specific users: <QueryList> <Query Id="0" Path="Security"> <Select ...Answered | 7 Replies | 7683 Views | Created by Roget Luo - Monday, July 18, 2016 11:18 PM | Last reply by jrv - Tuesday, July 19, 2016 5:59 PM -
0 Votes
Event ID 4660, 4663 file deletion, task scheduler and map drives
http://social.msdn.microsoft.com/Forums/en-US/home?Answered | 4 Replies | 6018 Views | Created by Gavin Hall - Thursday, November 13, 2014 4:11 PM | Last reply by Omeriko75 - Tuesday, June 14, 2016 3:42 AM -
0 Votes
Excessive Logging in Windows Security Logs
A busily used file server is going to generate a massive number of events.Answered | 3 Replies | 2451 Views | Created by CityofPG - Wednesday, February 19, 2014 9:12 PM | Last reply by Alex Lv - Monday, February 24, 2014 2:58 AM - Items 1 to 20 of 1503348 Next ›
No announcements
