[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 197798 Download | Alert*

This subcategory reports when connections are allowed or blocked by WFP. These events can be high in volume. Events for this subcategory include: ? 5031: The Windows Firewall Service blocked an application from accepting incoming connections on the network. ? 5154: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. ? 5155 : The Wi ...

This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, Back up files and directories, Create a token object, Debug programs, Enable computer and user accounts to be trusted for delegation, Generate security audits, Impersonate a client after authentication, Load and unload d ...

This subcategory reports changes in policy rules used by the Microsoft Protection Service (MPSSVC.exe). This service is used by Windows Firewall and by Microsoft OneCare. Events for this subcategory include: ? 4944: The following policy was active when the Windows Firewall started. ? 4945: A rule was listed when the Windows Firewall started. ? 4946: A change has been made to Windows Firewall exc ...

This subcategory reports other logon/logoff-related events, such as Terminal Services session disconnects and reconnects, using RunAs to run processes under a different account, and locking and unlocking a workstation. Events for this subcategory include: ? 4649: A replay attack was detected. ? 4778: A session was reconnected to a Window Station. ? 4779: A session was disconnected from a Window St ...

This subcategory reports other types of security policy changes such as configuration of the Trusted Platform Module (TPM) or cryptographic providers. Events for this subcategory include: ? 4909: The local policy settings for the TBS were changed. ? 4910: The group policy settings for the TBS were changed. ? 5063: A cryptographic provider operation was attempted. ? 5064: A cryptographic context ...

Earlier security GPOs from Microsoft include settings that configure the audit categories in previous versions of Windows. These earlier GPOs do not apply to computers running Windows Vista. The GPOs intended for use in enterprise environments have been designed to work with Windows XP-based computers. Settings for audit categories are included in these GPOs so that computers running Windows XP in ...

This subcategory reports changes in audit policy including SACL changes. Events for this subcategory include: ? 4715: The audit policy (SACL) on an object was changed. ? 4719: System audit policy was changed. ? 4902: The Per-user audit policy table was created. ? 4904: An attempt was made to register a security event source. ? 4905: An attempt was made to unregister a security event source. ? ...

This subcategory reports when a user's account is locked out as a result of too many failed logon attempts. Events for this subcategory include: ? 4625: An account failed to log on. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.a ...

This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include: ? 4608: Windows is starting up. ? 4609: Windows is shutting down. ? 4616: The system time was changed. ? 4621: Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some audita ...

This subcategory reports each event of user account management, such as when a user account is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a password is set or changed. If you enable this Audit policy setting, administrators can track events to detect malicious, accidental, and authorized creation of user accounts. Events for this subcategory include: ? 4720: ...


Pages:      Start    19309    19310    19311    19312    19313    19314    19315    19316    19317    19318    19319    19320    19321    19322    ..   19779

© SecPod Technologies