Windows 10: Security events manager is showing tons of Logon events.

Discus and support Security events manager is showing tons of Logon events. in Windows 10 Drivers and Hardware to solve the problem; Hi there sry for my English, will try my best. First of all, I need to say I am on a new fresh install. I reinstalled from a bootable USB disk, made... Discussion in 'Windows 10 Drivers and Hardware' started by Thomas Lartaud, Dec 26, 2019.

  1. THOMAS LARTAUD
    Thomas Lartaud Win User

    Security events manager is showing tons of Logon events.


    Hi there sry for my English, will try my best.


    First of all, I need to say I am on a new fresh install. I reinstalled from a bootable USB disk, made from a safe ISO file.


    I'm running w10 professional on a laptop. It is from ASUS, and I really think that there is something wrong with their drivers.

    I Don't have those issues on my other computer which is not a laptop. This issue appeared about one year ago. I think it is related to this : https://www.asus.com/support/FAQ/1034979


    I think that INTEL + ASUS have a critical vulnerabilty that they never solved, and they prefer being silent about it.
    I have some lags on my laptop that I had not before. Now i formated, reinstalled everything, and the issue persists.

    I've searched around the web and I can't seems to find anything.
    Please, stop saying that this is a normal behavior because IT IS NOT. I have many others computers where this is NOT happening. This computer is lagging at some times, with no apparent Reason.

    What do you recommend? How can i send a debug report that could help?
    My issue is the exact same as this one : https://answers.microsoft.com/en-us/windows/forum/all/event-4672-4624-5379-pc-freezing/c514277b-b1c0-4347-8b71-1a5a2fef3142

    I did the sfc scan +DSIM.exe, prior to formatting.

    After formatting, I rebooted with all services deactivated : same issue.
    I rebooted with all devices deactivated : same issue.


    Please, advice about it, or give recommendations about how to diagnose this.


    Any help would be really appreciated.


    Regards.

    :)
     
    Thomas Lartaud, Dec 26, 2019
    #1
  2. AMIT_SUN
    Amit_Sun Win User

    Events 4672 & 4624 Win 10 Freezes - special LOGON ?

    Hi,

    Thank you for writing to Microsoft Community Forums.

    1. Are you on a domain network?
    2. May I know the make and the model number of your system?

    The event logs you have provided seems to be the security logs that is generated when you login to your system. For more information on the event that was generated, you can check
    4672(S): Special privileges assigned to new logon.

    The Windows error logs will be located at Event Viewer > Windows Logs > System.

    Please follow the step below and check if it works for you.

    Step: Improve Windows 10 Performance.

    Try some of the following suggestions to help
    make your Windows 10 PC run better    . The steps are listed in order, so start with the first one, see if that fixes the problem, and then continue to the next one if it doesn’t.

    Note: The last step on the article contains Windows Reset, I suggest you not to perform Windows reset, as there is a change your data and applications will be wiped and also
    the OS will reverted back to previous version you upgraded from.

    If the issue still persists, please reply to this post with more information so that we can identify the root cause of this issue and assist you further.

    Hope it helps.

    Amit Sunar

    Microsoft Community – Moderator
     
    Amit_Sun, Dec 26, 2019
    #2
  3. MAKSYMPARPALEY
    MaksymParpaley Win User
    Events duplication (in event viewer) after successful logon (in event viewer).

    Can you please explain me why I see several (looks like duplicated) event in Event Viewer after successful logon.

    For example after reboot (Win 10 workstation, no domain, no any specific configuration) I see in security log 2 totally identical logs for event 4624, type 2

    The same situation for "Unlock"

    I want to show you these events in logs:

    In this example PC in domain, and I am reproducing windows UNLOCK (logoff - logon):

    FIRST EVENT

    Log Name: Security

    Source: Microsoft-Windows-Security-Auditing

    Date: 2/14/2017 1:35:30 PM

    Event ID: 4624

    Task Category: Logon

    Level: Information

    Keywords: Audit Success

    User: N/A

    Computer: mpxxx.xxx.xxx.net

    Description:

    An account was successfully logged on.

    Subject:

    Security ID: SYSTEM

    Account Name: MPxxx$

    Account Domain: KIV

    Logon ID: 0x3E7

    Logon Information:

    Logon Type: 7

    Restricted Admin Mode: -

    Virtual Account: No

    Elevated Token: Yes

    Impersonation Level: Impersonation

    New Logon:

    Security ID: UNIVERSE\mpxxx

    Account Name: mpxxx

    Account Domain: UNIVERSE

    Logon ID: 0x3D5986

    Linked Logon ID: 0x3D8CF3

    Network Account Name: -

    Network Account Domain: -

    Logon GUID: {a97eb034-e1a9-beba-9e13-0376df13c092}

    Process Information:

    Process ID: 0x2cc

    Process Name: C:\Windows\System32\lsass.exe

    Network Information:

    Workstation Name: MPxxx

    Source Network Address: -

    Source Port: -

    Detailed Authentication Information:

    Logon Process: Negotiat

    Authentication Package: Negotiate

    Transited Services: -

    Package Name (NTLM only): -

    Key Length: 0

    SECOND DUPLICATED EVENT:

    Log Name: Security

    Source: Microsoft-Windows-Security-Auditing

    Date: 2/14/2017 1:35:30 PM

    Event ID: 4624

    Task Category: Logon

    Level: Information

    Keywords: Audit Success

    User: N/A

    Computer: mpxxx.xxx.xxx.net

    Description:

    An account was successfully logged on.

    Subject:

    Security ID: SYSTEM

    Account Name: MPxxx$

    Account Domain: KIV

    Logon ID: 0x3E7

    Logon Information:

    Logon Type: 7

    Restricted Admin Mode: -

    Virtual Account: No

    Elevated Token: No

    Impersonation Level: Impersonation

    New Logon:

    Security ID: UNIVERSE\mpxxx

    Account Name: mpxxx

    Account Domain: UNIVERSE

    Logon ID: 0x3D8CF3

    Linked Logon ID: 0x3D5986

    Network Account Name: -

    Network Account Domain: -

    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:

    Process ID: 0x2cc

    Process Name: C:\Windows\System32\lsass.exe

    Network Information:

    Workstation Name: MPxxx

    Source Network Address: -

    Source Port: -

    Detailed Authentication Information:

    Logon Process: Negotiat

    Authentication Package: Negotiate

    Transited Services: -

    Package Name (NTLM only): -

    Key Length: 0

    The only difference is in "Elevated Token: and Logon GUID:" portion of output

    Dear MS Guru please give me any ideas why this duplication happens. It is important for because I am planning to send events to third party security system and duplication makes a lot of unnecessary noise

    Thank you.
     
    MaksymParpaley, Dec 26, 2019
    #3
  4. IGOR LEYKO
    Igor Leyko Win User

    Security events manager is showing tons of Logon events.

    Event 4672, Special Logon

    Hi Erfngel,

    see description at
    https://docs.microsoft.com/en-us/windows/securi...

    Quotation: You typically will see many of these events in the event log, because every logon of SYSTEM (Local System) account triggers this event.
     
    Igor Leyko, Dec 26, 2019
    #4
Thema:

Security events manager is showing tons of Logon events.

Loading...

  1. Security events manager is showing tons of Logon events. - Similar Threads - Security events manager

  2. Event Viewer shows thousands of failed logon attempts

    in Windows 10 Gaming
    Event Viewer shows thousands of failed logon attempts: Hello,a couple of days ago i logged on a PC in our network and realised someone was on that machine windows 10. I realized it immediately because i saw this on my screen:The first one is already in English and the second one says:CScript error: Loading of the script failed...

  3. Event Viewer shows thousands of failed logon attempts

    in Windows 10 Software and Apps
    Event Viewer shows thousands of failed logon attempts: Hello,a couple of days ago i logged on a PC in our network and realised someone was on that machine windows 10. I realized it immediately because i saw this on my screen:The first one is already in English and the second one says:CScript error: Loading of the script failed...

  4. Event Viewer shows thousands of failed logon attempts

    in AntiVirus, Firewalls and System Security
    Event Viewer shows thousands of failed logon attempts: Hello,a couple of days ago i logged on a PC in our network and realised someone was on that machine windows 10. I realized it immediately because i saw this on my screen:The first one is already in English and the second one says:CScript error: Loading of the script failed...

  5. Is it normal for the Event Viewer Security logs to have a lot of logons?

    in Windows 10 Ask Insider
    Is it normal for the Event Viewer Security logs to have a lot of logons?: Is 7 Special logons in a row normal? submitted by /u/STOP_POLLUTING [link] [comments] https://www.reddit.com/r/Windows10/comments/hz4iun/is_it_normal_for_the_event_viewer_security_logs/

  6. Logon Event IDs Explanations

    in AntiVirus, Firewalls and System Security
    Logon Event IDs Explanations: Hi, I'm a non-dev person and would like some answers regarding Event Viewer in Windows 10. I wanted to keep tabs on if my PC was logged in during my absence. I found that Event ID 4624 shows the successful logins. But when I filter the ID, it turns out that several events...

  7. Event 4672, Special Logon

    in AntiVirus, Firewalls and System Security
    Event 4672, Special Logon: Why would this event be shown in my logs. No one else has had access or been given access to my pc. I will attach the event records: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 12/3/2019 3:55:00 AM Event ID: 4672...

  8. Logon event

    in Windows 10 BSOD Crashes and Debugging
    Logon event: Hello, can someone help me to get out what kind of event is above? I can't understand who or what trying to connect into 192.168.10.50 server. A logon was attempted using explicit credentials. Subject: Security ID: SYSTEM Account Name: PC-1074-050917$ Account Domain: test...

  9. TONS of errors in event viewer

    in Windows 10 Performance & Maintenance
    TONS of errors in event viewer: I just clean installed my windows, and have not made any changes as to what would cause these errors.... but in event viewer, since install on the 29th, i have 800 errors and warnings. ive noticed on my other PC that i just installed 10 on yesterday, it too has 300 errors and...

  10. Tons of comruntime error 10031 in event viewer

    in Windows 10 Support
    Tons of comruntime error 10031 in event viewer: Ever since I did the latest updates on Tuesday...I've been getting tons of comruntime error 10031. It happens when the computer is idle and I noticed the hard drive light is steady on..I did some googling, but didn't find much...mostly on a server computer which I don't have....