Windows 10: Event Viewer shows thousands of failed logon attempts

Discussion in 'Windows 10 Gaming' started by MarcoKirn, Mar 13, 2023.

  1. MarcoKirn Win User

    Hello, a couple of days ago I logged on a PC in our network and realised someone was on that machine (Windows 10). I realized it immediately because I saw this on my screen: The first one is already in English and the second one says: CScript error: Loading of the script failed The operation could not be successfully completed because the file contains a virus or potentially unwanted software. The batch file could not be found. I immediately went to the respective computer and disconnected it from the network. This PC does not contain any important passwords, accounts or data, so I had no concer

    :)
     
    MarcoKirn, Mar 13, 2023
    #1

  2. Events duplication (in event viewer) after successful logon (in event viewer).

    Can you please explain to me why I see several (seemingly duplicated) events in Event Viewer after a successful logon?

    For example, after a reboot (Win 10 workstation, no domain, no specific configuration) I see in the security log 2 totally identical logs for event 4624, type 2

    The same situation for "Unlock"

    I want to show you these events in logs:

    In this example the PC is in a domain, and I am reproducing a Windows UNLOCK (logoff - logon):

    FIRST EVENT

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 2/14/2017 1:35:30 PM
    Event ID: 4624
    Task Category: Logon
    Level: Information
    Keywords: Audit Success
    User: N/A
    Computer: mpxxx.xxx.xxx.net
    Description:
    An account was successfully logged on.

    Subject:
      Security ID: SYSTEM
      Account Name: MPxxx$
      Account Domain: KIV
      Logon ID: 0x3E7

    Logon Information:
      Logon Type: 7
      Restricted Admin Mode: -
      Virtual Account: No
      Elevated Token: Yes

    Impersonation Level: Impersonation

    New Logon:
      Security ID: UNIVERSE\mpxxx
      Account Name: mpxxx
      Account Domain: UNIVERSE
      Logon ID: 0x3D5986
      Linked Logon ID: 0x3D8CF3
      Network Account Name: -
      Network Account Domain: -
      Logon GUID: {a97eb034-e1a9-beba-9e13-0376df13c092}

    Process Information:
      Process ID: 0x2cc
      Process Name: C:\Windows\System32\lsass.exe

    Network Information:
      Workstation Name: MPxxx
      Source Network Address: -
      Source Port: -

    Detailed Authentication Information:
      Logon Process: Negotiat
      Authentication Package: Negotiate
      Transited Services: -
      Package Name (NTLM only): -
      Key Length: 0

    SECOND DUPLICATED EVENT:

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 2/14/2017 1:35:30 PM
    Event ID: 4624
    Task Category: Logon
    Level: Information
    Keywords: Audit Success
    User: N/A
    Computer: mpxxx.xxx.xxx.net
    Description:
    An account was successfully logged on.

    Subject:
      Security ID: SYSTEM
      Account Name: MPxxx$
      Account Domain: KIV
      Logon ID: 0x3E7

    Logon Information:
      Logon Type: 7
      Restricted Admin Mode: -
      Virtual Account: No
      Elevated Token: No

    Impersonation Level: Impersonation

    New Logon:
      Security ID: UNIVERSE\mpxxx
      Account Name: mpxxx
      Account Domain: UNIVERSE
      Logon ID: 0x3D8CF3
      Linked Logon ID: 0x3D5986
      Network Account Name: -
      Network Account Domain: -
      Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
      Process ID: 0x2cc
      Process Name: C:\Windows\System32\lsass.exe

    Network Information:
      Workstation Name: MPxxx
      Source Network Address: -
      Source Port: -

    Detailed Authentication Information:
      Logon Process: Negotiat
      Authentication Package: Negotiate
      Transited Services: -
      Package Name (NTLM only): -
      Key Length: 0

    The only difference is in the "Elevated Token:" and "Logon GUID:" portions of the output

    Dear MS Guru, please give me any ideas why this duplication happens. It is important because I am planning to send events to a third-party security system and duplication makes a lot of unnecessary noise

    Thank you.
     
    MaksymParpaley, Mar 13, 2023
    #2
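
The two events in the post above point at each other through Logon ID and Linked Logon ID, which is how Windows records the elevated and filtered sessions of one split-token logon. As an added example (not code from the thread), this Python code collapses such reciprocal 4624 pairs into one record before forwarding; the parser, the function names and the third sample event are assumptions made for illustration.

```python
# Fields kept from the rendered 4624 text in the post; values are filled in below.
TEMPLATE = """Event ID: 4624
Subject:
    Account Name: MPxxx$
    Logon ID: 0x3E7
Logon Information:
    Logon Type: {ltype}
    Elevated Token: {elevated}
New Logon:
    Account Name: {account}
    Logon ID: {logon_id}
    Linked Logon ID: {linked}"""
# Constructed sample: the post's two events plus one unlinked logon (hypothetical account).
SAMPLE = [
    TEMPLATE.format(ltype=7, elevated="Yes", account="mpxxx", logon_id="0x3D5986", linked="0x3D8CF3"),
    TEMPLATE.format(ltype=7, elevated="No", account="mpxxx", logon_id="0x3D8CF3", linked="0x3D5986"),
    TEMPLATE.format(ltype=5, elevated="Yes", account="svc-demo", logon_id="0x4A1B2", linked="0x0"),
]
NEW, INFO = "New Logon", "Logon Information"
def parse_event(text):
    """Parse rendered event text into {(section, field): value}."""
    fields, section = {}, ""
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not value.strip():
            section = key                  # header line such as "New Logon:"
        elif sep:
            fields[(section, key)] = value.strip()
    return fields

def collapse_linked_logons(texts):
    """Return one record per logon, merging 4624 pairs that link to each other."""
    events = [e for e in map(parse_event, texts) if e.get(("", "Event ID")) == "4624"]
    by_id = {e[(NEW, "Logon ID")].lower(): e for e in events}
    records, seen = [], set()
    for lid, ev in by_id.items():
        if lid in seen:
            continue
        peer = by_id.get(ev.get((NEW, "Linked Logon ID"), "").lower())
        pair = [ev]
        # Merge only on a reciprocal link, so "0x0" or a stale ID never merges.
        if peer and peer is not ev and peer.get((NEW, "Linked Logon ID"), "").lower() == lid:
            pair.append(peer)
        ids = [p[(NEW, "Logon ID")].lower() for p in pair]
        seen.update(ids)
        elevated = sorted(i for i, p in zip(ids, pair) if p[(INFO, "Elevated Token")] == "Yes")
        records.append({"account": ev[(NEW, "Account Name")], "logon_ids": sorted(ids),
                        "logon_type": int(ev[(INFO, "Logon Type")]), "elevated_ids": elevated})
    return records
```

Keeping both logon IDs in the merged record lets later events that carry either session's Logon ID still be correlated with the logon.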
  3. pepanee Win User
    thousands of security logs in event viewer

    Yea, I've always found those logs pretty strange. I've seen them numerous times in my Event Viewer as well.
    I currently have: 26,124 of these logs.

    What is strange is that in General tab below for each of them, they show:
    • Special privileges assigned to new logon.
    • An account was successfully logged on.
    • Credential Manager credentials were read.
     
    pepanee, Mar 13, 2023
    #3
  4. mibaup Win User

    It's weird, the CMD command doesn't show the security log number, it only shows the word "Security" but it's blank. PowerShell, however, does show it. And since I wrote the post, I got 1000+ more, and Event Viewer even added an exclamation mark next to the number. It shows: 13110(!) New events available

    EventID are mostly 5379 and 4798.


    Powershell output:
    Code:
    - - - Updated - - -

    Oh so I guess it's something normal?
     
    mibaup, Mar 13, 2023
    #4