Windows 10: Security Logs

Discussion in 'AntiVirus, Firewalls and System Security' started by Metalheadx, Jun 9, 2020.

  1. Security Logs


    I have a lot of weird logins in my security logs at times when no one was home with keyword Audit Success. Are these normal? Please advise. This is the only PC on the network. Couldn't find a spot to upload a log so I copied and pasted a few of the logs.


    Keywords | Date and Time | Source | Event ID | Task Category

    Audit Success 09-Jun-20 8:12:44 PM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    SeDelegateSessionUserImpersonatePrivilege"
    Audit Success 09-Jun-20 8:12:44 PM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

    Subject:
    Security ID: SYSTEM
    Account Name: ZEUS$
    Account Domain: GATES-OF-HADES
    Logon ID: 0x3E7

    Logon Information:
    Logon Type: 5
    Restricted Admin Mode: -
    Virtual Account: No
    Elevated Token: Yes

    Impersonation Level: Impersonation

    New Logon:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Linked Logon ID: 0x0
    Network Account Name: -
    Network Account Domain: -
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x3a8
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name: -
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The impersonation level field indicates the extent to which a process in the logon session can impersonate.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
    Audit Success 09-Jun-20 8:12:23 PM Microsoft-Windows-Security-Auditing 5379 User Account Management "Credential Manager credentials were read.

    Subject:
    Security ID: ZEUS\John Muller
    Account Name: John Muller
    Account Domain: ZEUS
    Logon ID: 0x3EAD7
    Read Operation: Enumerate Credentials

    This event occurs when a user performs a read operation on stored credentials in Credential Manager."

    :)
     
    Metalheadx, Jun 9, 2020
    #1
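
An added example (not part of the original thread): a small Python parser for event text pasted in the layout shown in the post above. It labels each 4624 logon by its Logon Type and Source Network Address and counts 5379 Credential Manager reads per Logon ID. The sample events, `example-user`, the address 192.0.2.10 and the Logon ID are constructed; the header pattern also accepts the fused "Auditing4624" form seen in the paste, and logon type 5 is a service logon, the kind services.exe creates when it starts a service under SYSTEM.

```python
import re
from collections import Counter
# Constructed sample, in the column/field layout of the events pasted in the post.
SAMPLE = """
Audit Success 09-Jun-20 8:12:44 PM Microsoft-Windows-Security-Auditing 4624 Logon
Logon Information:
Logon Type: 5
New Logon:
Account Name: SYSTEM
Network Information:
Source Network Address: -
Audit Success 09-Jun-20 8:30:02 PM Microsoft-Windows-Security-Auditing 4624 Logon
Logon Information:
Logon Type: 10
New Logon:
Account Name: example-user
Network Information:
Source Network Address: 192.0.2.10
Audit Success 09-Jun-20 8:31:10 PM Microsoft-Windows-Security-Auditing 5379 User Account Management
Subject:
Logon ID: 0x1A2B3
Audit Success 09-Jun-20 8:31:10 PM Microsoft-Windows-Security-Auditing 5379 User Account Management
Subject:
Logon ID: 0x1A2B3
"""

HEADER = re.compile(r"Audit (Success|Failure)\s+(.+? [AP]M)\s+Microsoft-Windows-Security-Auditing\s*(\d+)\s")
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive", 11: "CachedInteractive"}

def parse_events(text):
    """Split pasted Event Viewer text into dicts keyed by 'Section/Field'."""
    events, section = [], ""
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            events.append({"time": m.group(2), "id": int(m.group(3))})
            section = ""
        elif events and re.fullmatch(r"[^:]+:", line):
            section = line[:-1]                      # e.g. "New Logon"
        elif events and (f := re.match(r"([^:]+):\s+(\S.*)", line)):
            events[-1][f"{section}/{f.group(1)}"] = f.group(2)
    return events

def triage_logons(events):
    """Label each 4624 by logon type and whether a remote source address is present."""
    rows = []
    for e in (e for e in events if e["id"] == 4624):
        kind = LOGON_TYPES.get(int(e.get("Logon Information/Logon Type", 0)), "Unknown")
        src = e.get("Network Information/Source Network Address", "-")
        verdict = "local" if src in ("-", "::1", "127.0.0.1") else "review source"
        rows.append((e["time"], kind, e.get("New Logon/Account Name"), verdict))
    return rows

def credential_reads(events):
    """Count 5379 (Credential Manager read) events per subject logon session."""
    return Counter(e.get("Subject/Logon ID") for e in events if e["id"] == 5379)
```

Calling `triage_logons(parse_events(text))` on a pasted export gives one row per logon; rows marked "review source" are the ones that arrived with a network address rather than from a process on the machine itself.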
  2. qubit Win User

    Corporate Security Solution

    That made me so facepalm. Some people have absolutely no clue. I hope they don't take you for granted with all this you're doing for them.

    SonicWall is a good security product, so Mindweaver's suggestion sounds like a good one and should make for a rather bigger baby step. Let's hope they take it.
     
    qubit, Jun 9, 2020
    #2
  3. NAT
    nat Win User
    Security log


    I am researching security log on my Windows 7 computer. Added column User. But this column lists only 'N/A'. Why and how to display a real user name?
     
  4. Remon Ont Win User

    Security Logs

    Surface Pro 4 Log in issues

    Hello Bex,

    For us to help you suggest steps to resolve the issue, we would like to know some information:

    • Did you get any error messages when signing in to your account?
    • Have you made any significant changes prior to this issue?
    • Have you tried to login using a different Microsoft account or local account on the computer?

    We suggest that you try the troubleshooting steps provided by Ashish Sondhi on this link.

    Post us back with the result.
     
    Remon Ont, Jun 9, 2020
    #4