Windows Security Log Event ID 4985

Operating Systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10
  • Windows Server 2019 and 2022

Category: Object Access
Subcategory: File System
Type: Success
Corresponding events in Windows 2003 and before:

4985: The state of a transaction has changed

The state of a transaction has changed.

Description Fields in 4985

Subject:

  • Security ID:
  • Account Name:
  • Account Domain:
  • Logon ID:

Transaction Information:

  • RM Transaction ID:
  • New State:
  • Resource Manager:

Process Information:

  • Process ID:
  • Process Name:

Examples of 4985

The state of a transaction has changed.

Subject:

   Security ID:       SYSTEM
   Account Name:      WIN-R9H529RIO4Y$
   Account Domain:    WORKGROUP
   Logon ID:          0x3e7

Transaction Information:

   RM Transaction ID: {7a1beac9-ab0f-11dc-a998-000c29fee385}
   New State:         48
   Resource Manager:  {dbcb1457-a76f-11dc-ae5a-c74dbd19033c}

Process Information:

   Process ID:        0xd98
   Process Name:      C:\Windows\servicing\TrustedInstaller.exe
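
Added example (not part of the original page): a Python parser that splits the rendered 4985 message text shown above into the three sections and fields the page lists, and rejects a message with a listed field missing. The names parse_4985, EXPECTED and HEX_FIELDS are this example's own, and the sample string is constructed from the example event above.

```python
import re

# Constructed sample: the rendered message text of the 4985 example above.
SAMPLE_4985 = r"""The state of a transaction has changed.

Subject:

   Security ID:       SYSTEM
   Account Name:      WIN-R9H529RIO4Y$
   Account Domain:    WORKGROUP
   Logon ID:          0x3e7

Transaction Information:

   RM Transaction ID: {7a1beac9-ab0f-11dc-a998-000c29fee385}
   New State:         48
   Resource Manager:  {dbcb1457-a76f-11dc-ae5a-c74dbd19033c}

Process Information:

   Process ID:        0xd98
   Process Name:      C:\Windows\servicing\TrustedInstaller.exe
"""

# Fields the page lists under each section of event 4985.
EXPECTED = {
    "Subject": ["Security ID", "Account Name", "Account Domain", "Logon ID"],
    "Transaction Information": ["RM Transaction ID", "New State", "Resource Manager"],
    "Process Information": ["Process ID", "Process Name"],
}
HEX_FIELDS = {"Logon ID", "Process ID"}  # logged as 0x-prefixed hex; New State stays as logged

def parse_4985(message):
    """Return {section: {field: value}}; raise ValueError on missing fields."""
    event, section = {}, None
    for raw in message.splitlines():
        line = raw.strip()
        if line[:-1] in EXPECTED and line.endswith(":"):
            section = line[:-1]
            event[section] = {}
        # Split on the first colon followed by whitespace, so "C:\..." survives.
        elif section and (m := re.match(r"([^:]+):\s+(.*)$", line)):
            name, value = m.groups()
            event[section][name] = int(value, 16) if name in HEX_FIELDS else value
    missing = [f"{s}/{f}" for s, fs in EXPECTED.items()
               for f in fs if f not in event.get(s, {})]
    if missing:
        raise ValueError("4985 message missing fields: " + ", ".join(missing))
    return event
```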
