WinSecWiki > Security Settings > Local Policies > Audit Policy > Uncategorized

Uncategorized

Subcategory could not be determined

Some events appear in the security log with subcategory reported as "Subcategory could not be determined" and as such are listed here. This list also includes events I've been unable to produce and therefore cannot say to what subcategory they below. If you find these events in your security log with a subcategory please post an example in that event's discussion forum and thereby help us update the wiki.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Events

Event ID	Title
4618	A monitored security event pattern has occurred
4621	Administrator recovered system from CrashOnAuditFail
4646	1.00%
4649	A replay attack was detected
4670	Permissions on an object were changed.
4671	An application attempted to access a blocked ordinal through the TBS.
4675	SIDs were filtered
4709	IPsec Services was started.
4710	IPsec Services was disabled.
4711	1%
4712	IPsec Services encountered a potentially serious failure.
4765	SID History was added to an account.
4766	An attempt to add SID History to an account failed.
4864	A namespace collision was detected.
4908	Special Groups Logon table modified.
4909	The local policy settings for the TBS were changed.
4910	The group policy settings for the TBS were changed.
4953	A rule has been ignored by Windows Firewall because it could not parse the rule.
4960	IPsec dropped an inbound packet that failed an integrity check.
4961	IPsec dropped an inbound packet that failed a replay check.
4962	IPsec dropped an inbound packet that failed a replay check.
4963	IPsec dropped an inbound clear text packet that should have been secured.
4965	IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI).
5039	A registry key was virtualized.
5040	A change has been made to IPsec settings. An Authentication Set was added.
5041	A change has been made to IPsec settings. An Authentication Set was modified.
5042	A change has been made to IPsec settings. An Authentication Set was deleted.
5043	A change has been made to IPsec settings. A Connection Security Rule was added.
5044	A change has been made to IPsec settings. A Connection Security Rule was modified
5045	A change has been made to IPsec settings. A Connection Security Rule was deleted.
5046	A change has been made to IPsec settings. A Crypto Set was added.
5047	A change has been made to IPsec settings. A Crypto Set was modified.
5048	A change has been made to IPsec settings. A Crypto Set was deleted.
5049	An IPsec Security Association was deleted.
5050	An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE)
5051	A file was virtualized.
5057	A cryptographic primitive operation failed.
5060	Verification operation failed.
5062	A kernel-mode cryptographic self test was performed.
5063	A cryptographic provider operation was attempted.
5064	A cryptographic context operation was attempted.
5065	A cryptographic context modification was attempted.
5066	A cryptographic function operation was attempted.
5067	A cryptographic function modification was attempted.
5068	A cryptographic function provider operation was attempted.
5069	A cryptographic function property operation was attempted.
5070	A cryptographic function property operation was attempted.
5120	OCSP Responder Service Started.
5121	OCSP Responder Service Stopped.
5122	A Configuration entry changed in the OCSP Responder Service.
5123	A configuration entry changed in the OCSP Responder Service.
5124	A security setting was updated on OCSP Responder Service.
5125	A request was submitted to OCSP Responder Service.
5126	Signing Certificate was automatically updated by the OCSP Responder Service.
5127	The OCSP Revocation Provider successfully updated the revocation information.
5378	The requested credentials delegation was disallowed by policy.
5453	An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started.
5456	PAStore Engine applied Active Directory storage IPsec policy on the computer.
5457	PAStore Engine failed to apply Active Directory storage IPsec policy on the computer.
5458	PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer.
5459	PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.
5460	PAStore Engine applied local registry storage IPsec policy on the computer.
5461	PAStore Engine failed to apply local registry storage IPsec policy on the computer.
5462	PAStore Engine failed to apply some rules of the active IPsec policy on the computer.
5463	PAStore Engine polled for changes to the active IPsec policy and detected no changes.
5464	PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services
5465	PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully.
5466	PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead
5467	PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy.
5468	PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes.
5471	PAStore Engine loaded local storage IPsec policy on the computer.
5472	PAStore Engine failed to load local storage IPsec policy on the computer.
5473	PAStore Engine loaded directory storage IPsec policy on the computer.
5474	PAStore Engine failed to load directory storage IPsec policy on the computer.
5477	PAStore Engine failed to add quick mode filter.
5632	A request was made to authenticate to a wireless network.
5633	A request was made to authenticate to a wired network.
5888	An object in the COM+ Catalog was modified.
5889	An object was deleted from the COM+ Catalog.
5890	An object was added to the COM+ Catalog.
6144	Security policy in the group policy objects has been applied successfully.
6145	One or more errors occured while processing security policy in the group policy objects.

Upcoming Webinars

Additional Resources

Audit Policy

•	Account Logon
•	Account Management
•	DS Access
•	Audit Logon
•	Object Access
•	Policy Change
•	Privilege Use
•	Process Tracking
•	System Events
•	Non Audit
•	Uncategorized
•	Auditpol
•	Recommened Baseline

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.