Windows 10: Can someone please tell me if these events are a security concern

I leave my laptop on all night and these events happened while I was sleeping over the past 2 days. There are alot of them but I will post a few. The reason I was concerned was because when I opened my anti-virus which I have done over 12 scans with this morning it said it had only been used 2 times, which means it would have been reinstalled while I was sleeping.


Windows Hello for Business provisioning will not be launched. Device is AAD joined AADJ or DJ++ : Not Tested User has logged on with AAD credentials: No Windows Hello for Business policy is enabled: Not Tested Windows Hello for Business post-logon provisioning is enabled: Not Tested Local computer meets Windows hello for business hardware requirements: Not Tested User is not connected to the machine via Remote Desktop: Yes User certificate for on premise auth policy is enabled: Not Tested Machine is governed by none policy.


A provider, MDMSettingsProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\mdm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


A provider, UserProfileConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

A provider, InvProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



MSDTC encountered an error HR=0x80000171 while attempting to establish a secure connection with system LAPTOP-LA8PERAP.


Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.



WLAN Extensibility Module has stopped.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Profile notification of event Create for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is See Tracelogging for error details.



My laptop also for the first time showed the 3 cmd open and close on their own at logon.

:)

 

Corporate Security Solution

That made me so facepalm. Some people have absolutely no clue. I hope they don't take you for granted with all this you're doing for them.

SonicWall is a good security product, so Mindweaver's suggestion sounds like a good one and should make for a rather bigger baby step. Let's hope they take it.

 

AMD External events client module stopped working

Hi Jignesh,

I suggest you to follow the below methods and check if it helps.

Method 1: I suggest you to follow below steps and check.

Step 1: I suggest you to install all the latest pending Windows updates as below and check if it helps.

• Go to “settings” and click on “update and security”.
• Under tab “Windows update”, click on the icon “check for updates”.
• Then once you find the pending updates install it and check.

Step 2: I recommend you to download the Microsoft Safety Scanner from the following link and check if it helps.

Microsoft Safety Scanner Download - Windows security

Note: The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Disclaimer: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

Method 2: To remove AMD External Events service Module from your computer, please follow the manual instructions below or use an automatic uninstaller product.

• Click the Windows Start Button. In Windows 8, look for Control Panel.
• Click Control Panel.
• Click Uninstall a program.
• Look for AMD External Events in the list of available programs.
• Click Uninstall.

Please get back to us with an update on this issue, we will be happy to assist you further.

Thank you

 

Events 4672 & 4624 Win 10 Freezes - special LOGON ?

Hi,

Thank you for writing to Microsoft Community Forums.

1. Are you on a domain network?
   
2. May I know the make and the model number of your system?
   

The event logs you have provided seems to be the security logs that is generated when you login to your system. For more information on the event that was generated, you can check
4672(S): Special privileges assigned to new logon.

The Windows error logs will be located at Event Viewer > Windows Logs > System.

Please follow the step below and check if it works for you.

Step: Improve Windows 10 Performance.

Try some of the following suggestions to help
make your Windows 10 PC run better. The steps are listed in order, so start with the first one, see if that fixes the problem, and then continue to the next one if it doesn’t.

Note: The last step on the article contains Windows Reset, I suggest you not to perform Windows reset, as there is a change your data and applications will be wiped and also
the OS will reverted back to previous version you upgraded from.

If the issue still persists, please reply to this post with more information so that we can identify the root cause of this issue and assist you further.

Hope it helps.

Amit Sunar

Microsoft Community – Moderator