Windows 10: how to enable specific event id in security.evtx

Discuss and support how to enable specific event id in security.evtx in AntiVirus, Firewalls and System Security to solve the problem; How to enable an Event ID which is not enabled by default in Security.evtx... Discussion in 'AntiVirus, Firewalls and System Security' started by SoHa2, May 16, 2022.

  1. SoHa2 Win User

    how to enable specific event id in security.evtx


    How to enable an Event ID which is not enabled by default in Security.evtx

    :)
     
    SoHa2, May 16, 2022
    #1
  2. Techie_DD Win User

    Windows 10 workstation Security log filling with Event ID 4703

    My Windows 10 workstation's Security Event Log is filled with informational Event ID 4703 (like 20/second).

    It's an Audit Success on Authorization Policy Change category.

    Pretty much all are about the javaw.exe process & SeSecurityPrivilege. But also a few of them list svchost.exe as the process & a whole list of privileges.

    I can't find anything on the Net about event 4703.

    Sometimes it lists the privilege as Disabled (as below), and some are Enabled. Back & forth, multiple events per second.

    Does anyone have any idea what/why this is, or anyone else experiencing it?

    Here are the details of the event (edited for privacy)...

    Task Category: Authorization Policy Change
    Level: Information
    Keywords: Audit Success
    User: N/A
    Computer: xxxxx.yyyy.com
    Description:
    A user right was adjusted.

    Subject:
        Security ID: SYSTEM
        Account Name: XXXXXX
        Account Domain: YYYYYYYY
        Logon ID: 0x3E7

    Target Account:
        Security ID: SYSTEM
        Account Name: XXXXXXX
        Account Domain: YYYYYYYYY
        Logon ID: 0x3E7

    Process Information:
        Process ID: 0xb24
        Process Name: C:\Windows\SysWOW64\ContegoSPOP\jre1.7.0_65\bin\javaw.exe

    Enabled Privileges:
        -

    Disabled Privileges:
        SeSecurityPrivilege
     
    Techie_DD, May 16, 2022
    #2
  3. Event id 10016 runtime broker

    This ClassID and AppID are for the RuntimeBroker which is used to manage Windows Store apps; specifically monitoring access to APIs and security checks. So ignoring this isn't necessarily the best thing to do.

    I had another DCOM error related to the NVidia video card which was killing applications. That ClassID/AppID combination was used in the example to fix the issue here: Event ID 10016 - DistributedCOM

    To fix this specific problem, follow the same steps with one exception: instead of looking for the AppID in the DCOM list, look for the application name (RuntimeBroker) directly, since it is there.
     
    JesterKnot, May 16, 2022
    #3
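For the Event ID 4703 flood described in post #2 above, a triage sketch that parses exported 4703 descriptions and reports which process keeps toggling which privilege. This is an added example, not code from the thread; the sample events are constructed in the layout of the quoted event, and the svchost.exe path, the two svchost privileges and all function names are assumptions.

```python
import re
from collections import defaultdict

PRIV = re.compile(r"Se[A-Za-z]+Privilege")

def parse_4703(message):
    """Parse one rendered 4703 description into process name and privilege lists."""
    rec = {"process": None, "Enabled": [], "Disabled": []}
    section = None
    for raw in message.splitlines():
        line = raw.strip()
        if line.startswith("Process Name:"):
            rec["process"] = line.split(":", 1)[1].strip()
        elif line in ("Enabled Privileges:", "Disabled Privileges:"):
            section = line.split()[0]
        elif line.endswith(":"):
            section = None  # any other header, e.g. "Subject:", ends a privilege list
        elif section:
            rec[section] += PRIV.findall(line)  # "-" (no privileges) yields nothing
    return rec

def summarise(messages):
    """Per (process, privilege): event count and enable/disable flips, in log order."""
    stats = defaultdict(lambda: {"events": 0, "flips": 0, "last": None})
    for msg in messages:
        rec = parse_4703(msg)
        for state in ("Enabled", "Disabled"):
            for priv in rec[state]:
                s = stats[(rec["process"], priv)]
                s["events"] += 1
                if s["last"] not in (None, state):
                    s["flips"] += 1
                s["last"] = state
    return dict(stats)

def noisy(messages, min_flips=2):
    """(process, privilege) pairs that flip state at least min_flips times."""
    return sorted(k for k, s in summarise(messages).items() if s["flips"] >= min_flips)

def _event(process, enabled="-", disabled="-"):
    # Constructed sample text following the layout of the event quoted in the post
    return (f"A user right was adjusted.\nSubject:\n Security ID: SYSTEM\n"
            f"Process Information:\n Process ID: 0xb24\n Process Name: {process}\n"
            f"Enabled Privileges:\n {enabled}\nDisabled Privileges:\n {disabled}\n")

JAVAW = r"C:\Windows\SysWOW64\ContegoSPOP\jre1.7.0_65\bin\javaw.exe"  # path from the post
SVCHOST = r"C:\Windows\System32\svchost.exe"  # assumed path, constructed for the sample
SAMPLE = [_event(JAVAW, disabled="SeSecurityPrivilege"),
          _event(JAVAW, enabled="SeSecurityPrivilege"),
          _event(SVCHOST, enabled="SeBackupPrivilege\n SeRestorePrivilege"),
          _event(JAVAW, disabled="SeSecurityPrivilege"),
          _event(JAVAW, enabled="SeSecurityPrivilege")]

if __name__ == "__main__":
    for proc, priv in noisy(SAMPLE):
        print(f"{priv} toggled repeatedly by {proc}")
```

Pass the description text of each exported 4703 event in log order; pairs with a high flip count identify the process responsible for the volume.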