Windows Security Log Event ID 5058

Operating Systems: Windows 2008 R2 and 7; Windows 2012 R2 and 8.1; Windows 2016 and 10
Subcategory: Other System Events
Type: Success
Corresponding events in Windows 2003 and before

Discussions on Event ID 5058
 • Can this be a sign of a key logger though?
 • Events 5058/5061 - W2008 server, very high volume

5058: Key file operation

Examples of 5058

Key file operation.


   Security ID:  SYSTEM
   Account Name:  WIN-857ZZX6RQHL$
   Account Domain:  ACME-FR
   Logon ID:  0x3e7

Cryptographic Parameters:

   Provider Name: Microsoft Software Key Storage Provider
   Algorithm Name: Not Available.
   Key Name: acme-fr-WIN-857ZZX6RQHL-CA
   Key Type: Machine key.

Key File Operation Information:

   File Path: C:\ProgramData\Microsoft\Crypto\Keys\375d951cf427e77c9b8cbf68fdf21148_82f19091-d5b5-4765-8e46-a16b1daddf27
   Operation: Read persisted key from file.
   Return Code: 0x0

