Strange events in event viewer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Astarea

Thread Starter
Joined
Sep 8, 2019
Messages
3
good day,

My event viewer is full of events such as security audit - special logon (special privileges assigned to new user) user account management (security enabled local group membership enumerated). They show as originating on the Builtin/administrators id. I am not part of a group; this is my home laptop.
I never used to see these events but some of them now originate every 15 minutes or so.
Does anyone know what this is?
 
Joined
Sep 21, 2007
Messages
12,118
Those events IDs are also present on my PC, which has just 10 mins ago, been reimaged from an offline state disk image.

However, you will need to search up on each event ID, for example: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4798

The search will give you what the event ID means, what normal actions trigger it, and what abnormal actions would also trigger it. And also tell you what to pay attention to for that event item.

As I said, all your events ID exists on my system, which hopefully is normal, unless I have been compromised in the 10 mins that I was browsing this site online. But you have to know what abnormal things could trigger those events. And then see if they can be explained by normal things you have done.
 

Astarea

Thread Starter
Joined
Sep 8, 2019
Messages
3
Thanks for looking into this for me. I have looked at it and based on what I’m seeing, it seems abnormal to me. It looks to me like a user account has been created with elevated privileges from the Builtn/admin account which I see has caused issues for people before. Or otherwise, when this is mentioned, it is in reference to an admin providing service to a networked computer; this is my home comp. I was just hoping someone more familiar could weigh in as I don’t know for sure that is the case. Also why some of the functions are repeating every 15 minutes is weird. They didn’t always.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,075
Is your operating system Windows 10?

Have you recently upgraded the version and/or installed new security software?

Here's a good resource for checking the event IDs. Just enter them in the search field on the left side.

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4799

I get 4624 and 4672 all the time but not 4798 and 4799 which I believe are specific to Windows 10.

I'm inclined to believe these are normal events. Checking the Event Viewer can cause a lot of undue stress unless you're troubleshooting a specific problem.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top