Windows Security Log Event ID 4615

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
System
 • System Integrity
Type Success
Corresponding events
in Windows 2003
and before
519  
Discussions on Event ID 4615
Ask a question about this event

4615: Invalid use of LPC port

On this page

LPC is used for communication between threads or processes or for communication between kernel mode and user mode components. The communication can be on the same computer between the client and server functions. In 2000 there were several LPC port spoofing vulnerabilities patched for Windows NT.

I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.

Free Security Log Resources by Randy

Description Fields in 4615

Subject:

  •  Security ID:  %1
  •  Account Name:  %2
  •  Account Domain:  %3
  •  Logon ID:  %4

Process Information:

  •  PID:   %7
  •  Name:   %8

Other Information:

  • Invalid Use:  %5
  • LPC Server Port Name: %6

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Examples of 4615

Invalid use of LPC port.

Subject:
    
Security ID:  %1
     Account Name:  %2
     Account Domain:  %3
     Logon ID:  %4

Process Information:
    
PID:   %7
     Name:   %8

Other Information:
     Invalid Use:  %5
    
LPC Server Port Name: %6

Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA's use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel.

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources