Suspicious event log Event ID: 4905


Hi there,

Could you please help me understand what is causing such event logs to be generated?

As I understand, vssvc.exe pertains to Volume Shadow Copy, used for backup purposes. We have a third-party application used for taking backups of servers.

The event logs are generated with the following messages:

1) An attempt was made to unregister a security event source.

2) An attempt was made to register a security event source.

These events are not regular; they are generated on random days.

standard fields:
date:               2013/10/19
time:               02:32:19
importance:         critical
rule name:          security event
monitored machine:  <domain controller>
log format:         windows
log name:           security
event id:           4905
in work hours:      yes

dynamic fields:
internal timestamp: 2013/10/19 09:18:19.974
type:               success audit
isadmin:            no
source:             security-auditing
system time:        10/19/13 02:32:19
event record id:    499645946
category:           audit policy change
username:           
process id:         536
name:               microsoft-windows-security-auditing
guid:               54849625-5478-4994-a5ba-3e3b0328c30d
event source name:  
qualifiers:         
level:              0
task:               13568
sys opcode:         0
keywords:           0x8020000000000000
activity id:        
related activity id: 
thread id:          2344
channel:            security
computer:           <domain controller>
user sid:           
version:            0
subject user sid:   nt authority\system
subject user name:  domain controller$
subject domain name: <domainname>
subject logon id:   0x3e7
process name:       c:\windows\system32\vssvc.exe
audit source name:  vssaudit
event source id:    0x1022f145

Thanks for the help.

Regards,

bibhs

Hi,

Windows logs this event when an application calls AuthzUnregisterSecurityEventSource, which provides an audit trail of applications that report custom security events. It is normal to see this event logged by several built-in components of Windows, including IIS and DFS-R.
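
A triage example for the events discussed in this thread, added here and not part of the original posts: it parses the key: value export format shown in the question and flags 4904/4905 events whose process and audit source pair is outside a baseline. The baseline contents, the function names and the second sample event are assumptions.

```python
# Added example: triage of security event source (un)registration events.
# EXPECTED is an assumption seeded from the pair shown in this thread; extend
# it from your own baseline of known components.
EXPECTED = {(r"c:\windows\system32\vssvc.exe", "vssaudit")}
ACTIONS = {"4904": "register", "4905": "unregister"}
SYSTEM_LOGON_ID = "0x3e7"  # LocalSystem logon session, as in the posted event


def parse_fields(text):
    """Parse 'key: value' lines; split on the first colon so paths and times survive."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def triage(text):
    """Return (action, verdict, reasons) for one exported event."""
    f = parse_fields(text)
    action = ACTIONS.get(f.get("event id", ""))
    if action is None:
        return None, "ignored", ["not event 4904/4905"]
    pair = (f.get("process name", "").lower(), f.get("audit source name", "").lower())
    reasons = []
    if pair not in EXPECTED:
        reasons.append("process/source pair not in baseline: %s / %s" % pair)
    if f.get("subject logon id", "").lower() != SYSTEM_LOGON_ID:
        reasons.append("caller is not the LocalSystem logon session")
    return action, ("review" if reasons else "expected"), reasons


# Constructed samples: the first repeats fields from the event in the question,
# the second is invented to show the "review" path.
SAMPLE_VSS = """event id:           4905
subject logon id:   0x3e7
process name:       c:\\windows\\system32\\vssvc.exe
audit source name:  vssaudit"""
SAMPLE_OTHER = """event id:           4904
subject logon id:   0x5a1c2
process name:       c:\\users\\public\\tool.exe
audit source name:  customsrc"""

if __name__ == "__main__":
    for sample in (SAMPLE_VSS, SAMPLE_OTHER):
        print(triage(sample))
```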

