Question Concerning Event Viewer Security Events?

H0PEFU11Y

Great
Apr 30, 2019
96
6
65
13
Hello there,
I have noticed some events in the security windows log. They seem to occur at random intervals (minutes apart) and then 10’s of them during the occurrences. I have Malwarebytes and Windows Defender installed. I’m not sure if they’re anything to be concerned about so I thought I’d ask here 😊 (I've edited some identifiable parts with stuff such as [DESKTOP NAME] in the quotes).
Credential Manager credentials were read.

Subject:
Security ID: DESKTOP-[DESKTOP NAME]\[USERNAME]
Account Name: [USERNAME]
Account Domain: DESKTOP-[DESKTOP NAME]
Logon ID: 0x1F9E0F90
Read Operation: Enumerate Credentials

This event occurs when a user performs a read operation on stored credentials in Credential Manager.
Credential Manager credentials were read.
Security ID: SYSTEM
Account Name: DESKTOP-[DESKTOP NAME]
Account Domain: WORKGROUP
Logon ID: 0x3E7
Read Operation: Enumerate Credentials
A user's local group membership was enumerated.
Subject:
Security ID: SYSTEM
Account Name: DESKTOP-[DESKTOP NAME]
Account Domain: WORKGROUP
Logon ID: 0x3E7
User:
Security ID: DESKTOP-[DESKTOP NAME]\Guest
Account Name: Guest
Account Domain: DESKTOP-[DESKTOP NAME]
Process Information:
Process ID: 0x280c
Process Name: C:\Windows\System32\svchost.exe
Vault credentials were read.
Security ID: SYSTEM
Account Name: DESKTOP-[DESKTOP NAME]
Account Domain: WORKGROUP
Logon ID: 0x3E7
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: DESKTOP-[DESKTOP NAME]
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Information:
Logon Type: 5
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes
Impersonation Level: Impersonation
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x308
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
A user's local group membership was enumerated.
Subject:
Security ID: SYSTEM
Account Name: DESKTOP-[DESKTOP NAME]
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: DESKTOP-[DESKTOP NAME]\Guest
Account Name: Guest
Account Domain: DESKTOP-[DESKTOP NAME]

Process Information:
Process ID: 0x280c
Process Name: C:\Windows\System32\svchost.exe
TIA
 

H0PEFU11Y

Great
Apr 30, 2019
96
6
65
13
Even when it's just sitting at the desktop, Windows is doing a lot of stuff in the background. The events you listed appear normal.
What does a full Malwarebytes and Windows Defender scan say?
Both say no viruses or spyware or anything. Its just the first time I've paid attention to the security log so I wasn't sure. Thankyou :)
 

ASK THE COMMUNITY

TRENDING THREADS