Windows Security Log Event ID 4610

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
System
 • Security System Extension
Type Success
Corresponding events
in Windows 2003
and before
514  
Discussions on Event ID 4610
Ask a question about this event

4610: An authentication package has been loaded by the Local Security Authority

On this page

Event 4610 is logged once at startup for each authentication package on the system.

An authentication package is a DLL that encapsulates a given form of authentication, such as NTLM or Kerberos. The Local Security Authority calls into the appropriate authentication package during the logon process to find out if the user is authentic.

Although a third party can develop an authentication package, few do so, except for smart card and token manufacturers. The only authentication package logged by Windows Server 2008 is C:\Windows\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 which is just one of the authentication options supported by Windows (See 514 for a list of standard authentication packages on Windows Server 2003). The other authentication options supported by Windows Server 2008 appear to now be part of a larger package called a security package. See 4622.  From MSDN: "A security package that functions as an authentication package and implements the functionality required by SSPI is called a security support provider/authentication package (SSP/AP)."

The security implication of event 4610, realistically, is low. Although a rogue package could cause great harm by stealing credentials at the time of logon, the effort required in developing and installing a rogue authentication package is significant.

Free Security Log Resources by Randy

Description Fields in 4610

  • Authentication Package Name: %1

Supercharger Free Edition

 

Centrally manage WEC subscriptions.

Free.

 

Examples of 4610

An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\Windows\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources