Windows 10: Event Log > Security Event ID 5156 and 5158 filling it up

Discus and support Event Log > Security Event ID 5156 and 5158 filling it up in Windows 10 Software and Apps to solve the problem; I am trying to use a Powershell scanner in PDQ Inventory which runs a PS1 and enter the returning data into the asset that scans the Security log for... Discussion in 'Windows 10 Software and Apps' started by esullivanasd, Dec 9, 2021.

  1. ESULLIVANASD
    esullivanasd Win User

    Event Log > Security Event ID 5156 and 5158 filling it up


    I am trying to use a Powershell scanner in PDQ Inventory which runs a PS1 and enter the returning data into the asset that scans the Security log for log on and log off events. The script then enters the data into that asset which allows us to see who has been using it and for how long we are a school which generic computers all over. These log events are located in the Security logs.In trying to research why we are only getting one MAYBE two user sessions I noticed that logs are getting FILLED with event 5156 and 5158. Upon research it's a log that the Windows Firewall allowed to pass.

    :)
     
    esullivanasd, Dec 9, 2021
    #1
  2. TECHIE_DD
    Techie_DD Win User

    Windows 10 workstation Security log filling with Event ID 4703

    My Windows 10 workstation's Security Event Log is filled with informational Event ID 4703 (like 20/second).

    It's an Audit Success on Authorization Policy Change category.

    Pretty much all are about the javaw.exe process & SeSecurityPrivilege. But also a few of them list svchost.exe as the process & a whole list of privileges.

    I can't find anything on the Net about event 4703.

    Sometimes it lists the privilege as Disabled (as below), and some are Enabled. Back & forth, multiple events per second.

    Does anyone have any idea what/why this is, or anyone else experiencing it?

    Here are the details of the event (edited for privacy)...

    Task Category: Authorization Policy Change

    Level: Information

    Keywords: Audit Success

    User: N/A

    Computer: xxxxx.yyyy.com

    Description:

    A user right was adjusted.

    Subject:

    Security ID: SYSTEM

    Account Name: XXXXXX

    Account Domain: YYYYYYYY

    Logon ID: 0x3E7

    Target Account:

    Security ID: SYSTEM

    Account Name: XXXXXXX

    Account Domain: YYYYYYYYY

    Logon ID: 0x3E7

    Process Information:

    Process ID: 0xb24

    Process Name: C:\Windows\SysWOW64\ContegoSPOP\jre1.7.0_65\bin\javaw.exe

    Enabled Privileges:

    -

    Disabled Privileges:

    SeSecurityPrivilege
     
    Techie_DD, Dec 9, 2021
    #2
  3. IGNATIUSBENNY
    IgnatiusBenny Win User
    Excessive Security Log Events - Event ID 5379 - Windows 10

    i had ex[eriences like that last night - my laptop so slowly
     
    IgnatiusBenny, Dec 9, 2021
    #3
  4. TECHIE_DD
    Techie_DD Win User

    Event Log > Security Event ID 5156 and 5158 filling it up

    Windows 10 workstation Security log filling with Event ID 4703

    Another Windows 10 in our environment has a load of Event ID 4703 as well, but the majority of theirs lists a different process (Symantec Endpoint Protection), which is nowhere in mine. So, given this, I don't think the event is specific to java, or any
    other product, per se.
     
    Techie_DD, Dec 9, 2021
    #4
Thema:

Event Log > Security Event ID 5156 and 5158 filling it up

Loading...

  1. Event Log > Security Event ID 5156 and 5158 filling it up - Similar Threads - Event Log Security

  2. Event ID 521, Unable to log events to Security log

    in Windows 10 News
    Event ID 521, Unable to log events to Security log: [ATTACH]If you see Event ID 521 along with a message saying Unable to log events to security log on Windows Server, here is how you can fix the problem. It appears when the maximum log size is set to minimum or anything lower than maximum. In order to fix this issue, you need...

  3. Windows-Security-LessPrivilegedAppContainer Filling Event Log

    in Windows 10 Gaming
    Windows-Security-LessPrivilegedAppContainer Filling Event Log: I keep getting this error in my event log and can't figure out the source of it. When it occurs, there will be nearly a thousand events logged for the given time. When I look up the associated PID in Task Manager, it lists the Runtime Broker...

  4. Windows-Security-LessPrivilegedAppContainer Filling Event Log

    in Windows 10 Software and Apps
    Windows-Security-LessPrivilegedAppContainer Filling Event Log: I keep getting this error in my event log and can't figure out the source of it. When it occurs, there will be nearly a thousand events logged for the given time. When I look up the associated PID in Task Manager, it lists the Runtime Broker...

  5. Event Log > Security Event ID 5156 and 5158 filling it up

    in Windows 10 Gaming
    Event Log > Security Event ID 5156 and 5158 filling it up: I am trying to use a Powershell scanner in PDQ Inventory which runs a PS1 and enter the returning data into the asset that scans the Security log for log on and log off events. The script then enters the data into that asset which allows us to see who has been using it and...

  6. Event Log > Security Event ID 5156 and 5158 filling it up

    in Windows 10 Customization
    Event Log > Security Event ID 5156 and 5158 filling it up: I am trying to use a Powershell scanner in PDQ Inventory which runs a PS1 and enter the returning data into the asset that scans the Security log for log on and log off events. The script then enters the data into that asset which allows us to see who has been using it and...

  7. Archive Security Event Logs Filling HD

    in Windows 10 Network and Sharing
    Archive Security Event Logs Filling HD: I don't know what caused it but I am seeing a massive amount of logs that aren't clearing themselves. I don't know if someone set something in group policy to monitor something and forgot but I don't see anything abnormal. I have gone to 10 computers, all of ours are Win 10,...

  8. Error in Event log, Event ID 10016

    in Windows 10 BSOD Crashes and Debugging
    Error in Event log, Event ID 10016: So my laptop been crashing very often for last week, I never had the chance to take the photo of the blue screen, its lightning fast to restart. I have seen this in my event log and wonder if it has anything to do with it. I have seen kernel errors, battery errors and this...

  9. Excessive Security Log Events - Event ID 5379 - Windows 10

    in Windows 10 BSOD Crashes and Debugging
    Excessive Security Log Events - Event ID 5379 - Windows 10: I have been experiencing Windows Application crashes on my 3 month old Windows 10 install. While troubleshooting, I noticed that there 50+ security events each minute in the Event Viewer under Windows Logs > Security. Is this normal? The majority are Audit Success...

  10. Event log filled with WPNConnectionFailure

    in Windows 10 Network and Sharing
    Event log filled with WPNConnectionFailure: Having some internet issues where connection is lost for 3-4 minutes and the cable modem restarts. The event viewer is filled with the logs below usually before the internet disconnects. I'm wondering if this is the cable modem's fault and Windows just reporting what's...