M
Mike in Nebraska
I have a WinXP PC in our small LAN that runs QuickBooks. The Office Manager
has had problems with it and asked me to take a look. I continually find
errors in the Security Log that might be related, but I don't have the
experience to know where to go for resolution.
In anticipation of the question, detailed tracking for success & failure of
processes is turned on in the Local Security Policy.
Can someone give me some ideas on what these mean and how to resolve them?
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 7/30/2009
Time: 7:45:08 AM
User: NT AUTHORITY\SYSTEM
Computer: OFFICEMANAGER
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 812
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 1381
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
============
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 7/30/2009
Time: 7:45:09 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: OFFICEMANAGER
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1204
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 59463
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
============
I'm assuming that find the Process ID (1204) is the key for scvhost.exe, but
where to go from here?
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit (501
has had problems with it and asked me to take a look. I continually find
errors in the Security Log that might be related, but I don't have the
experience to know where to go for resolution.
In anticipation of the question, detailed tracking for success & failure of
processes is turned on in the Local Security Policy.
Can someone give me some ideas on what these mean and how to resolve them?
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 7/30/2009
Time: 7:45:08 AM
User: NT AUTHORITY\SYSTEM
Computer: OFFICEMANAGER
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 812
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 1381
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
============
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 7/30/2009
Time: 7:45:09 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: OFFICEMANAGER
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1204
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 59463
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
============
I'm assuming that find the Process ID (1204) is the key for scvhost.exe, but
where to go from here?
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit (501