deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 13:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Acrolinx enhancement effort

Browse Source
This commit is contained in:
Siddarth Mandalika 2022-06-17 15:46:12 +05:30
parent c17cb0d827
commit 5fbd3e07d7
20 changed files with 81 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
windows/security/threat-protection/auditing/event-4953.md
View File

@ -1,6 +1,6 @@
---
title: 4953(F) Windows Firewall ignored a rule because it could not be parsed. (Windows 10)
description: Describes security event 4953(F) Windows Firewall ignored a rule because it could not be parsed.
title: 4953(F) Windows Firewall ignored a rule because it couldn't be parsed. (Windows 10)
description: Describes security event 4953(F) Windows Firewall ignored a rule because it couldn't be parsed.
ms.pagetype: security
ms.prod: m365-security
ms.mktglfcycl: deploy
@ -14,7 +14,7 @@ ms.author: dansimp
ms.technology: windows-sec
---
# 4953(F): Windows Firewall ignored a rule because it could not be parsed.
# 4953(F): Windows Firewall ignored a rule because it couldn't be parsed.
<img src="images/event-4953.png" alt="Event 4953 illustration" width="449" height="375" hspace="10" align="left" />
@ -23,7 +23,7 @@ ms.technology: windows-sec
***Event Description:***
This event generates if Windows Firewall was not able to parse Windows Firewall rule for some reason.
This event generates if Windows Firewall wasn't able to parse Windows Firewall rule for some reason.
It can happen if Windows Firewall rule registry entry was corrupted.
@ -72,11 +72,11 @@ It can happen if Windows Firewall rule registry entry was corrupted.
- All
- Domain,Public
- Domain, Public
- Domain,Private
- Domain, Private
- Private,Public
- Private, Public
- Public
@ -90,7 +90,7 @@ It can happen if Windows Firewall rule registry entry was corrupted.
- **ID** \[Type = UnicodeString\]: the unique identifier for ignored firewall rule.
To see the unique ID of the rule, navigate to the “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you will see the list of Windows Firewall rule IDs (Name column) with parameters:
To see the unique ID of the rule, navigate to the “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you'll see the list of Windows Firewall rule IDs (Name column) with parameters:
<img src="images/registry-editor-firewallrules.png" alt="Registry Editor FirewallRules key illustration" width="1412" height="422" />
@ -100,7 +100,7 @@ It can happen if Windows Firewall rule registry entry was corrupted.
## Security Monitoring Recommendations
For 4953(F): Windows Firewall ignored a rule because it could not be parsed.
For 4953(F): Windows Firewall ignored a rule because it couldn't be parsed.
- This event can be a sign of software issues, Windows Firewall registry errors or corruption, or Group Policy setting misconfigurations. We recommend monitoring this event and investigating the reason for the condition. Typically this event indicates configuration issues, not security issues.

16
windows/security/threat-protection/auditing/event-4957.md
View File

@ -1,6 +1,6 @@
---
title: 4957(F) Windows Firewall did not apply the following rule. (Windows 10)
description: Describes security event 4957(F) Windows Firewall did not apply the following rule.
title: 4957(F) Windows Firewall didn't apply the following rule. (Windows 10)
description: Describes security event 4957(F) Windows Firewall didn't apply the following rule.
ms.pagetype: security
ms.prod: m365-security
ms.mktglfcycl: deploy
@ -14,7 +14,7 @@ ms.author: dansimp
ms.technology: windows-sec
---
# 4957(F): Windows Firewall did not apply the following rule.
# 4957(F): Windows Firewall didn't apply the following rule.
<img src="images/event-4957.png" alt="Event 4957 illustration" width="449" height="365" hspace="10" align="left" />
@ -23,7 +23,7 @@ ms.technology: windows-sec
***Event Description:***
This event generates when Windows Firewall starts or apply new rule, and the rule cannot be applied for some reason.
This event generates when Windows Firewall starts or apply new rule, and the rule can't be applied for some reason.
> **Note**&nbsp;&nbsp;For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@ -69,21 +69,21 @@ This event generates when Windows Firewall starts or apply new rule, and the rul
- **ID** \[Type = UnicodeString\]: the unique identifier for not applied firewall rule.
To see the unique ID of the rule you need to navigate to “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you will see the list of Windows Firewall rule IDs (Name column) with parameters:
To see the unique ID of the rule, you need to navigate to “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you'll see the list of Windows Firewall rule IDs (Name column) with parameters:
<img src="images/registry-editor-firewallrules.png" alt="Registry Editor FirewallRules key illustration" width="1412" height="422" />
- **Name** \[Type = UnicodeString\]: the name of the rule which was not applied. You can see the name of Windows Firewall rule using Windows Firewall with Advanced Security management console (**wf.msc**), check “Name” column:
- **Name** \[Type = UnicodeString\]: the name of the rule that wasn't applied. You can see the name of Windows Firewall rule using Windows Firewall with Advanced Security management console (**wf.msc**), check “Name” column:
<img src="images/windows-firewall-with-advanced-security.png" alt="Windows Firewall with Advanced Security illustration" width="1082" height="363" />
**Error Information:**
- **Reason** \[Type = UnicodeString\]: the reason why the rule was not applied.
- **Reason** \[Type = UnicodeString\]: the reason why the rule wasn't applied.
## Security Monitoring Recommendations
For 4957(F): Windows Firewall did not apply the following rule.
For 4957(F): Windows Firewall didn't apply the following rule.
- This event can be a sign of software issues, Windows Firewall registry errors or corruption, or Group Policy setting misconfigurations. We recommend monitoring this event and investigating the reason for the condition. Typically this event indicates configuration issues, not security issues.

12
windows/security/threat-protection/auditing/event-4958.md
View File

@ -1,6 +1,6 @@
---
title: 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. (Windows 10)
description: Describes security event 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
title: 4958(F) Windows Firewall didn't apply the following rule because the rule referred to items not configured on this computer. (Windows 10)
description: Describes security event 4958(F) Windows Firewall didn't apply the following rule because the rule referred to items not configured on this computer.
ms.pagetype: security
ms.prod: m365-security
ms.mktglfcycl: deploy
@ -14,18 +14,18 @@ ms.author: dansimp
ms.technology: windows-sec
---
# 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
# 4958(F): Windows Firewall didn't apply the following rule because the rule referred to items not configured on this computer.
Windows Firewall with Advanced Security processed a rule that contains parameters that cannot be resolved on the local computer. The rule is therefore not enforceable on the computer and so is excluded from the runtime state of the firewall. This is not necessarily an error. Examine the rule for applicability on the computers to which it was applied.
Windows Firewall with Advanced Security processed a rule that contains parameters that can't be resolved on the local computer. The rule is therefore not enforceable on the computer and so is excluded from the runtime state of the firewall. This exclusion isn't necessarily an error. Examine the rule for applicability on the computers to which it was applied.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit MPSSVC Rule-Level Policy Change](audit-mpssvc-rule-level-policy-change.md)
***Event Schema:***
*Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer:
*Windows Firewall didn't apply the following rule because the rule referred to items not configured on this computer:
Rule Information:
%tID:%t%1
%tName:%t%2

4
windows/security/threat-protection/auditing/event-5030.md
View File

@ -19,9 +19,9 @@ ms.technology: windows-sec
Windows logs this event if the Windows Firewall service fails to start, or if it unexpectedly terminates. The error message indicates the cause of the service failure by including an error code in the text of the message.
This event doesn't generate during Windows Firewall service failures if Windows Firewall policy is incorrect\\corrupted or one of the service dependencies was not started.
This event doesn't generate during Windows Firewall service failures if Windows Firewall policy is incorrect\\corrupted or one of the service dependencies wasn't started.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other System Events](audit-other-system-events.md)

6
windows/security/threat-protection/auditing/event-5031.md
View File

@ -25,7 +25,7 @@ ms.technology: windows-sec
This event generates when an application was blocked from accepting incoming connections on the network by [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
If you dont have any firewall rules (Allow or Deny) in Windows Firewall for specific applications, you will get this event from [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) layer, because by default this layer is denying any incoming connections.
If you dont have any firewall rules (Allow or Deny) in Windows Firewall for specific applications, you'll get this event from [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) layer, because by default this layer is denying any incoming connections.
> **Note**&nbsp;&nbsp;For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@ -82,8 +82,8 @@ For 5031(F): The Windows Firewall Service blocked an application from accepting
- You can use this event to detect applications for which no Windows Firewall rules were created.
- If you have a pre-defined application which should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
- If you have a pre-defined application that should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
- You can monitor to see if “**Application**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
- You can monitor to see if “**Application**” isn't in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
- If you have a pre-defined list of restricted substrings or words in application names (for example, “**mimikatz**” or “**cain.exe**”), check for these substrings in “**Application**.”

12
windows/security/threat-protection/auditing/event-5038.md
View File

@ -1,6 +1,6 @@
---
title: 5038(F) Code integrity determined that the image hash of a file is not valid. (Windows 10)
description: Describes security event 5038(F) Code integrity determined that the image hash of a file is not valid.
title: 5038(F) Code integrity determined that the image hash of a file isn't valid. (Windows 10)
description: Describes security event 5038(F) Code integrity determined that the image hash of a file isn't valid.
ms.pagetype: security
ms.prod: m365-security
ms.mktglfcycl: deploy
@ -14,16 +14,16 @@ ms.author: dansimp
ms.technology: windows-sec
---
# 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
# 5038(F): Code integrity determined that the image hash of a file isn't valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
This event generates by [Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) feature, if signature of a file is not valid.
This event generates by [Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) feature, if signature of a file isn't valid.
Code Integrity is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.
Code Integrity is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it's loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)

6
windows/security/threat-protection/auditing/event-5039.md
View File

@ -19,9 +19,9 @@ ms.technology: windows-sec
This event should be generated when registry key was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx).
This event occurs very rarely during standard LUAFV registry key virtualization.
This event occurs rarely during standard LUAFV registry key virtualization.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Registry](audit-registry.md)
@ -59,7 +59,7 @@ There is no example of this event in this document.
## Security Monitoring Recommendations
- There is no recommendation for this event in this document.
- There's no recommendation for this event in this document.

6
windows/security/threat-protection/auditing/event-5051.md
View File

@ -19,9 +19,9 @@ ms.technology: windows-sec
This event should be generated when file was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx).
This event occurs very rarely during standard LUAFV file virtualization.
This event occurs rarely during standard LUAFV file virtualization.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit File System](audit-file-system.md)
@ -59,5 +59,5 @@ There is no example of this event in this document.
## Security Monitoring Recommendations
- There is no recommendation for this event in this document.
- There's no recommendation for this event in this document.

4
windows/security/threat-protection/auditing/event-5056.md
View File

@ -27,9 +27,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for CNG troubleshooting.
This event is used for CNG troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)

6
windows/security/threat-protection/auditing/event-5057.md
View File

@ -17,7 +17,7 @@ ms.technology: windows-sec
# 5057(F): A cryptographic primitive operation failed.
This event generates in case of CNG primitive operation failure.
This event generates if there's a CNG primitive operation failure.
For more information about Cryptographic Next Generation (CNG) visit these pages:
@ -27,9 +27,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)

10
windows/security/threat-protection/auditing/event-5058.md
View File

@ -23,7 +23,7 @@ ms.technology: windows-sec
***Event Description:***
This event generates when an operation (read, write, delete, and so on) was performed on a file that contains a KSP key by using a [Key Storage Provider](/windows/win32/seccertenroll/cng-key-storage-providers) (KSP). This event generates only if one of the following KSPs were used:
This event generates when an operation (read, write, delete, and so on) was performed on a file that contains a KSP key by using a [Key Storage Provider](/windows/win32/seccertenroll/cng-key-storage-providers) (KSP). This event generates only if one of the following KSPs was used:
- Microsoft Software Key Storage Provider
@ -81,13 +81,13 @@ You can see these events, for example, during certificate renewal or export oper
**Subject:**
- **Security ID** \[Type = SID\]**:** SID of account that requested key file operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
- **Security ID** \[Type = SID\]**:** SID of account that requested key file operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested key file operation.
- **Account Domain** \[Type = UnicodeString\]**:** subjects domain or computer name. Formats vary, and include the following:
- **Account Domain** \[Type = UnicodeString\]**:** subjects domain or computer name. Formats vary, and include the following ones:
- Domain NETBIOS name example: CONTOSO
@ -109,7 +109,7 @@ You can see these events, for example, during certificate renewal or export oper
- Microsoft Smart Card Key Storage Provider
- **Algorithm Name** \[Type = UnicodeString\]: the name of cryptographic algorithm through which the key was used or accessed. For “Read persisted key from file” operation, this typically has “**UNKNOWN**” value. Can also have one of the following values:
- **Algorithm Name** \[Type = UnicodeString\]: the name of cryptographic algorithm through which the key was used or accessed. For “Read persisted key from file” operation, this algorithm has “**UNKNOWN**” value. Can also have one of the following values:
- RSA algorithm created by Ron Rivest, Adi Shamir, and Leonard Adleman.
@ -129,7 +129,7 @@ You can see these events, for example, during certificate renewal or export oper
- ECDSA\_P521 Elliptic Curve Digital Signature Algorithm with 521-bit key length.
- **Key Name** \[Type = UnicodeString\]: the name of the key (key container) with which operation was performed. For example, to get the list of **Key Names** for certificates for logged in user you can use “**certutil -store -user my**” command and check **Key Container** parameter in the output. Here is an output example:
- **Key Name** \[Type = UnicodeString\]: the name of the key (key container) with which operation was performed. For example, to get the list of **Key Names** for certificates for logged in user you can use “**certutil -store -user my**” command and check **Key Container** parameter in the output. Here's an output example:
<img src="images/certutil-command.png" alt="Certutil command illustration" width="588" height="665" />

4
windows/security/threat-protection/auditing/event-5060.md
View File

@ -27,9 +27,9 @@ For more information about CNG, visit these pages:
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for CNG troubleshooting.
This event is used for CNG troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)

10
windows/security/threat-protection/auditing/event-5061.md
View File

@ -23,7 +23,7 @@ ms.technology: windows-sec
***Event Description:***
This event generates when a cryptographic operation (open key, create key, create key, and so on) was performed using a [Key Storage Provider](/windows/win32/seccertenroll/cng-key-storage-providers) (KSP). This event generates only if one of the following KSPs were used:
This event generates when a cryptographic operation (open key, create key, create key, and so on) was performed using a [Key Storage Provider](/windows/win32/seccertenroll/cng-key-storage-providers) (KSP). This event generates only if one of the following KSPs was used:
- Microsoft Software Key Storage Provider
@ -78,13 +78,13 @@ This event generates when a cryptographic operation (open key, create key, creat
**Subject:**
- **Security ID** \[Type = SID\]**:** SID of account that requested specific cryptographic operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
- **Security ID** \[Type = SID\]**:** SID of account that requested specific cryptographic operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested specific cryptographic operation.
- **Account Domain** \[Type = UnicodeString\]**:** subjects domain or computer name. Formats vary, and include the following:
- **Account Domain** \[Type = UnicodeString\]**:** subjects domain or computer name. Formats vary, and include the following ones:
- Domain NETBIOS name example: CONTOSO
@ -106,7 +106,7 @@ This event generates when a cryptographic operation (open key, create key, creat
- Microsoft Smart Card Key Storage Provider
- **Algorithm Name** \[Type = UnicodeString\]: the name of cryptographic algorithm through which the key was used or accessed. For “Read persisted key from file” operation, this typically has “**UNKNOWN**” value. Can also have one of the following values:
- **Algorithm Name** \[Type = UnicodeString\]: the name of cryptographic algorithm through which the key was used or accessed. For “Read persisted key from file” operation, this algorithm has “**UNKNOWN**” value. Can also have one of the following values:
- RSA algorithm created by Ron Rivest, Adi Shamir, and Leonard Adleman.
@ -126,7 +126,7 @@ This event generates when a cryptographic operation (open key, create key, creat
- ECDSA\_P521 Elliptic Curve Digital Signature Algorithm with 521-bit key length.
- **Key Name** \[Type = UnicodeString\]: the name of the key (key container) with which operation was performed. For example, to get the list of **Key Names** for certificates for logged in user you can use “**certutil -store -user my**” command and check **Key Container** parameter in the output. Here is an output example:
- **Key Name** \[Type = UnicodeString\]: the name of the key (key container) with which operation was performed. For example, to get the list of **Key Names** for certificates for logged in user you can use “**certutil -store -user my**” command and check **Key Container** parameter in the output. Here's an output example:
<img src="images/certutil-command.png" alt="Certutil command illustration" width="588" height="665" />

6
windows/security/threat-protection/auditing/event-5063.md
View File

@ -17,7 +17,7 @@ ms.technology: windows-sec
# 5063(S, F): A cryptographic provider operation was attempted.
This event generates in BCryptUnregisterProvider() and BCryptRegisterProvider() functions. These are Cryptographic Next Generation (CNG) functions.
This event generates in BCryptUnregisterProvider() and BCryptRegisterProvider() functions. These functions are Cryptographic Next Generation (CNG) functions.
This event generates when cryptographic provider was registered or unregistered.
@ -27,9 +27,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)

6
windows/security/threat-protection/auditing/event-5064.md
View File

@ -17,7 +17,7 @@ ms.technology: windows-sec
# 5064(S, F): A cryptographic context operation was attempted.
This event generates in [BCryptCreateContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptcreatecontext)() and [BCryptDeleteContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptdeletecontext)() functions. These are Cryptographic Next Generation (CNG) functions.
This event generates in [BCryptCreateContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptcreatecontext)() and [BCryptDeleteContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptdeletecontext)() functions. These functions are Cryptographic Next Generation (CNG) functions.
This event generates when cryptographic context was created or deleted.
@ -27,9 +27,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)

7
windows/security/threat-protection/auditing/event-5065.md
View File

@ -16,8 +16,7 @@ ms.technology: windows-sec
# 5065(S, F): A cryptographic context modification was attempted.
This event generates in [BCryptConfigureContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontext)() function. This is a Cryptographic Next Generation (CNG) function.
This event generates in [BCryptConfigureContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontext)() function. This function is a Cryptographic Next Generation (CNG) function.
This event generates when configuration information was changed for existing CNG context.
@ -27,9 +26,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)

6
windows/security/threat-protection/auditing/event-5066.md
View File

@ -17,7 +17,7 @@ ms.technology: windows-sec
# 5066(S, F): A cryptographic function operation was attempted.
This event generates in [BCryptAddContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptaddcontextfunction)() and [BCryptRemoveContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptremovecontextfunction)() functions. These are Cryptographic Next Generation (CNG) functions.
This event generates in [BCryptAddContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptaddcontextfunction)() and [BCryptRemoveContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptremovecontextfunction)() functions. These functions are Cryptographic Next Generation (CNG) functions.
This event generates when cryptographic function was added or removed from the list of functions that are supported by an existing CNG context.
@ -27,9 +27,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)

8
windows/security/threat-protection/auditing/event-5067.md
View File

@ -17,19 +17,19 @@ ms.technology: windows-sec
# 5067(S, F): A cryptographic function modification was attempted.
This event generates in [BCryptConfigureContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontextfunction)() function. This is a Cryptographic Next Generation (CNG) function.
This event generates in [BCryptConfigureContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontextfunction)() function. This function is a Cryptographic Next Generation (CNG) function.
This event generates when configuration information for the cryptographic function of an existing CNG context was changed.
For more information about Cryptographic Next Generation (CNG) visit these pages:
For more information about Cryptographic Next Generation (CNG), visit these pages:
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)

8
windows/security/threat-protection/auditing/event-5068.md
View File

@ -17,17 +17,17 @@ ms.technology: windows-sec
# 5068(S, F): A cryptographic function provider operation was attempted.
This event generates in BCryptAddContextFunctionProvider() and BCryptRemoveContextFunctionProvider() functions. These are Cryptographic Next Generation (CNG) functions.
This event generates in BCryptAddContextFunctionProvider() and BCryptRemoveContextFunctionProvider() functions. These functions are Cryptographic Next Generation (CNG) functions.
For more information about Cryptographic Next Generation (CNG) visit these pages:
For more information about Cryptographic Next Generation (CNG), visit these pages:
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)

8
windows/security/threat-protection/auditing/event-5069.md
View File

@ -17,19 +17,19 @@ ms.technology: windows-sec
# 5069(S, F): A cryptographic function property operation was attempted.
This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function.
This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This function is a Cryptographic Next Generation (CNG) function.
This event generates when named property for a cryptographic function in an existing CNG context was added or removed.
For more information about Cryptographic Next Generation (CNG) visit these pages:
For more information about Cryptographic Next Generation (CNG), visit these pages:
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There is no example of this event in this document.
There's no example of this event in this document.
***Subcategory:***&nbsp;[Audit Other Policy Change Events](audit-other-policy-change-events.md)