1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Event Viewer Security Report

Discussion in 'Windows XP' started by DDALE32, Oct 10, 2003.

Thread Status:
Not open for further replies.
  1. DDALE32

    DDALE32 Thread Starter

    Feb 5, 2002
    I am using MAILWASHER PRO. It was set to check mail every 1 minute. I'm not sure that this has anything to do with the report I get in EVENT VIEWER/SECURITY but it shows AUDIT FAILURE every 30 seconds. It only has records for two days. When I click on one of the failures and follow through this is what I get:

    Product: Windows Operating System
    ID: 529
    Source: Security
    Version: 5.0
    Component: Security Event Log
    Message: Logon Failure:
    Reason: Unknown user name or bad password
    User Name: %1
    Domain: %2
    Logon Type: %3
    Logon Process: %4
    Authentication Package: %5
    Workstation Name: %6

    This event record indicates an attempt to log on using an unknown user account or a valid user account but with an incorrect password. An unexpected increase in the number of these audits could represent an attempt by someone to find user accounts and passwords (such as a "dictionary" attack, in which a list of words is used by a program to attempt entry).

    User Action
    The person with administrative rights for the computer should establish a threshold limit for attempted log ons. Attempts in excess of the limit should be investigated as a possible attempt to break into the computer.


    Related Knowledge Base articles
    You can find additional information on this topic in the following Microsoft Knowledge Base articles:
    • Post a Question to the Microsoft Windows XP Newsgroups
    Ask your question to Microsoft Most Valuable Professionals (MVPs) and others who use Microsoft Windows XP. You can also search for your answer in existing posts.
    • Windows XP Support Center
    Visit the Windows XP Support Center for links to common questions and answers, instructions, the latest downloads, and more.
    • Security Event 529 Is Logged for Local User Accounts
    When a local user on a Windows XP Professional-based member computer logs off, two logon failure events are recorded: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: date Time: time User: NT...
    • Failure Events Are Logged When the Welcome Screen Is Enabled
    With the welcome screen and logon/logoff and/or account logon success and failure auditing are enabled, pairs of Logon/Logoff failure or Account Logon failure audits with successful logon audit entries are added to the computer security log.

    Can this be caused by MAIL WASHER? Or is it an indication that someone on the internet is attempting to break in?

    OR ... what is it?

    Thanks for the great help in the past and anticipated again.

  2. rawmeat


    May 17, 1999
    I don't know how Mail Washer works, but if you disable the program and the events continue, then it is not the program. Just the first thing I would try to track down the culprit. Then you could try disconnecting from the internet for a period and see if the events continue. That won't rule out a trojan program that has be loaded locally, but it won't be able to transmit any successes. The %x that is the user and domain, etc. seem to be parameter variables such as used in batch files where %1 is the first parameter and %2 is the second and so on. You may want to look in the registry under the run key (HKLM\Software\Microsoft\windows\Current version\run in w2k) to see if there are any entries you don't recognize, expecially batch files or .vbs files.

    Hope this helps!
  3. DDALE32

    DDALE32 Thread Starter

    Feb 5, 2002
    I turned off, shut down, MAIL WASHER. I also turned off OUTLOOK EXPRESS that was checking for mail every 30 minutes. I don't know of anything else that would be popping up on a regular basis. The "FAILURE" was happening every 30 seconds on the button.

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Similar Threads - Event Viewer Security
  1. davephil
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/170992

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice