Windows Event log 4799

  • Question

  • Good afternoon!

    I'm getting Security log entries with codes 4799/5059/5058 pouring in every second.

    As I understand it, this is related to the Audit policy.

    Are they really supposed to come in this often? New entries appear every minute, and many of them at once within a single second.

    - System 
    
      - Provider 
    
       [ Name]  Microsoft-Windows-Security-Auditing 
       [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D} 
     
       EventID 4799 
     
       Version 0 
     
       Level 0 
     
       Task 13826 
     
       Opcode 0 
     
       Keywords 0x8020000000000000 
     
      - TimeCreated 
    
       [ SystemTime]  2018-09-04T07:24:41.706390600Z 
     
       EventRecordID 9754 
     
      - Correlation 
    
       [ ActivityID]  {36F271A5-441F-0006-CC71-F2361F44D401} 
     
      - Execution 
    
       [ ProcessID]  844 
       [ ThreadID]  972 
     
       Channel Security 
     
       Computer PC-1219-291217.headoffice.balticom.lv 
     
       Security 
     
    
    - EventData 
    
      TargetUserName Backup Operators 
      TargetDomainName Builtin 
      TargetSid S-1-5-32-551 
      SubjectUserSid S-1-5-18 
      SubjectUserName PC-1219-291217$ 
      SubjectDomainName HEADOFFICE 
      SubjectLogonId 0x3e7 
      CallerProcessId 0xbd4 
      CallerProcessName C:\Windows\System32\svchost.exe 
    
    - System 
    
      - Provider 
    
       [ Name]  Microsoft-Windows-Security-Auditing 
       [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D} 
     
       EventID 5059 
     
       Version 1 
     
       Level 0 
     
       Task 12292 
     
       Opcode 0 
     
       Keywords 0x8020000000000000 
     
      - TimeCreated 
    
       [ SystemTime]  2018-09-04T07:18:42.471643700Z 
     
       EventRecordID 9750 
     
       Correlation 
     
      - Execution 
    
       [ ProcessID]  844 
       [ ThreadID]  3152 
     
       Channel Security 
     
       Computer PC-1219-291217.headoffice.balticom.lv 
     
       Security 
     
    
    - EventData 
    
      SubjectUserSid S-1-5-19 
      SubjectUserName LOCAL SERVICE 
      SubjectDomainName NT AUTHORITY 
      SubjectLogonId 0x3e5 
      ClientProcessId 5652 
      ClientCreationTime 2018-09-04T07:18:42.227295900Z 
      ProviderName Microsoft Software Key Storage Provider 
      AlgorithmName ECDSA_P256 
      KeyName Microsoft Connected Devices Platform device certificate 
      KeyType %%2500 
      Operation %%2464 
      ReturnCode 0x0 
    

    - System 
    
      - Provider 
    
       [ Name]  Microsoft-Windows-Security-Auditing 
       [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D} 
     
       EventID 5058 
     
       Version 1 
     
       Level 0 
     
       Task 12292 
     
       Opcode 0 
     
       Keywords 0x8020000000000000 
     
      - TimeCreated 
    
       [ SystemTime]  2018-09-04T07:18:42.466122900Z 
     
       EventRecordID 9744 
     
       Correlation 
     
      - Execution 
    
       [ ProcessID]  844 
       [ ThreadID]  3152 
     
       Channel Security 
     
       Computer PC-1219-291217.headoffice.balticom.lv 
     
       Security 
     
    
    - EventData 
    
      SubjectUserSid S-1-5-19 
      SubjectUserName LOCAL SERVICE 
      SubjectDomainName NT AUTHORITY 
      SubjectLogonId 0x3e5 
      ClientProcessId 5652 
      ClientCreationTime 2018-09-04T07:18:42.227295900Z 
      ProviderName Microsoft Software Key Storage Provider 
      AlgorithmName ECDSA_P256 
      KeyName Microsoft Connected Devices Platform device certificate 
      KeyType %%2500 
      KeyFilePath C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_2560dc64-d1e7-4e5a-9eaf-5f99415ea022 
      Operation %%2459 
      ReturnCode 0x0 
    


    September 4, 2018, 7:43

Answers