mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-23 14:23:38 +00:00
Merge branch 'master' into Ashok-Lobo-5358843-files251to275
This commit is contained in:
Gary Moore
GitHub
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 05/29/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack starts or was detected.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 05/29/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5149(F): The DoS attack has subsided and normal processing is being resumed.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack ended.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5150(-): The Windows Filtering Platform blocked a packet.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
This event is logged if the Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) blocked a packet.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
This event is logged if a more restrictive Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) has blocked a packet.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5152(F): The Windows Filtering Platform blocked a packet.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5152.png" alt="Event 5152 illustration" width="497" height="499" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
This event is logged if a more restrictive Windows Filtering Platform filter has blocked a packet.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5154.png" alt="Event 5154 illustration" width="490" height="474" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
By default Windows firewall won't prevent a port from being listened by an application. In the other word, Windows system will not generate Event 5155 by itself.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5156(S): The Windows Filtering Platform has permitted a connection.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5156.png" alt="Event 5156 illustration" width="491" height="506" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5157(F): The Windows Filtering Platform has blocked a connection.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5157.png" alt="Event 5157 illustration" width="491" height="503" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5158(S): The Windows Filtering Platform has permitted a bind to a local port.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5158.png" alt="Event 5158 illustration" width="491" height="466" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5159(F): The Windows Filtering Platform has blocked a bind to a local port.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5159.png" alt="Event 5159 illustration" width="491" height="466" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5168(F): SPN check for SMB/SMB2 failed.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5168.png" alt="Event 5168 illustration" width="575" height="474" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5376(S): Credential Manager credentials were backed up.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5376.png" alt="Event 5376 illustration" width="449" height="404" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5377(S): Credential Manager credentials were restored from a backup.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5377.png" alt="Event 5377 illustration" width="449" height="404" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5378(F): The requested credentials delegation was disallowed by policy.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5378.png" alt="Event 5378 illustration" width="449" height="438" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5447(S): A Windows Filtering Platform filter has been changed.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5447.png" alt="Event 5447 illustration" width="493" height="793" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5632(S, F): A request was made to authenticate to a wireless network.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5632.png" alt="Event 5632 illustration" width="419" height="417" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5633(S, F): A request was made to authenticate to a wired network.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5633.png" alt="Event 5633 illustration" width="528" height="449" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5712(S): A Remote Procedure Call (RPC) was attempted.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
It appears that this event never occurs.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5888(S): An object in the COM+ Catalog was modified.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5888.png" alt="Event 5888 illustration" width="457" height="489" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5889(S): An object was deleted from the COM+ Catalog.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5889.png" alt="Event 5889 illustration" width="472" height="653" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 5890(S): An object was added to the COM+ Catalog.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-5890.png" alt="Event 5890 illustration" width="449" height="462" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6144(S): Security policy in the group policy objects has been applied successfully.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6144.png" alt="Event 6144 illustration" width="449" height="347" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/08/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6145(F): One or more errors occurred while processing security policy in the group policy objects.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6145.png" alt="Event 6145 illustration" width="464" height="361" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6401(-): BranchCache: Received invalid data from a peer. Data discarded.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6405(-): BranchCache: %2 instance(s) of event id %1 occurred.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6407(-): 1%.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6409(-): BranchCache: A service connection point object could not be parsed.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
[Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6416(S): A new external device was recognized by the System.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6416.png" alt="Event 6416 illustration" width="438" height="598" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6419(S): A request was made to disable a device.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6419.png" alt="Event 6419 illustration" width="526" height="682" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6420(S): A device was disabled.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6420.png" alt="Event 6420 illustration" width="526" height="682" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6421(S): A request was made to enable a device.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6421.png" alt="Event 6421 illustration" width="526" height="682" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6422(S): A device was enabled.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6422.png" alt="Event 6422 illustration" width="526" height="682" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6423(S): The installation of this device is forbidden by system policy.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
<img src="images/event-6423.png" alt="Event 6423 illustration" width="526" height="680" hspace="10" align="left" />
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# 6424(S): The installation of this device was allowed, after having previously been forbidden by policy.
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
This event occurs rarely, and in some situations may be difficult to reproduce.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# File System (Global Object Access Auditing)
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes the Advanced Security Audit policy setting, **File System (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the file system for an entire computer.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.date: 10/22/2018
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,8 +16,6 @@ ms.technology: mde
|
||||
|
||||
# How to get a list of XML data name elements in EventData
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
The Security log uses a manifest where you can get all of the event schema.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor central access policy and rule definitions
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This article for IT professionals describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor claim types
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor resource attribute definitions
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
|
||||
Resource attribute definitions define the basic properties of resource attributes, such as what it means for a resource to be defined as “high business value.” Resource attribute definitions are stored in AD DS under the Resource Properties container. Changes to these definitions could significantly change the protections that govern a resource, even if the resource attributes that apply to the resource remain unchanged. Changes can be monitored like any other AD DS object.
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor the central access policies associated with files and folders
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This article for IT professionals describes how to monitor changes to the central access policies that are associated with files and folders when you're using advanced security auditing options to monitor dynamic access control objects.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor the central access policies that apply on a file server
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This article describes how to monitor changes to the central access policies (CAPs) that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. CAPs are created on a domain controller and then applied to file servers through Group Policy management.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor the resource attributes on files and folders
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date:
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor the use of removable storage devices
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Monitor user and device claims during sign-in
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
@ -16,10 +16,6 @@ ms.technology: mde
|
||||
|
||||
# Other Events
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
|
||||
Events in this section generate automatically and are enabled by default.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Plan and deploy advanced security audit policies
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This article for IT professionals explains the options that security policy planners should consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Registry (Global Object Access Auditing)
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This topic for the IT professional describes the Advanced Security Audit policy setting, **Registry (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the registry of a computer.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Security auditing
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Using advanced security auditing options to monitor dynamic access control objects
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# View the security event log
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
The security log records each event as defined by the audit policies you set on each object.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 09/09/2021
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Which editions of Windows support advanced audit policy configuration
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
|
||||
There is no difference in security auditing support between 32-bit and 64-bit versions.
|
||||
|
||||
Reference in New Issue
Block a user