Windows Security Log Event ID 601

Operating Systems Windows 2003 and XP
CategoryProcess Tracking
Type Success
Failure
Corresponding events
in Windows 2008
and Vista
4697  
Discussions on Event ID 601
Ask a question about this event

601: Attempt to install service

On this page

A new service was installed by the indicated user and domain.

Service Name: the internal system name of the new service.Use "sc query" to get a cross reference of service names and their more familiar display names.

Service Type:

Service Start Type:

Service Account: this is the account that the service runs under.

User Name and Domain identify the user who installed the service.

While this event only monitors new services, you can audit existing service related events such as starts, stops and modifications with the Object Access category. To enable auditing on a service you can use a Security Template or the subinacl (resource kit) command.
 

Free Security Log Resources by Randy

Description Fields in 601

  • Service Name:
  • Service File Name:
  • Service Type:
  • Service Start Type:
  • Service Account:
  • User Name:
  • Domain:
  • Logon ID:

Supercharger Free Edition


Your entire Windows Event Collection environment on a single pane of glass.

Free.

 

Examples of 601

Attempt to install service:
Service Name:SNMPTRAP
Service File Name:%SystemRoot%\system32\snmptrap.exe
Service Type:16
Service Start Type:3
Service Account:NT AUTHORITY\LocalService
By:
User Name:administrator
Domain:ELM
Logon ID:(0x0,0x158EB7)

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources