Are Special Logons Suspicious? (Event id: 4672)

M

Minepocket

Hello, I've noticed multiple different "special logon" events (event id: 4672) wherein some of the events have different privileges than others. Is this normal? (some of) the privileges were:SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeImpersonatePrivilege, SeDelegateSessionUserImpersonatePrivilege, SeAssignPrimaryTokenPrivilege, SeTcbPrivilege, SeAuditPrivilegeThe event often looks like this:Special privileges assigned to new logon.Subject:Security ID: SYSTEM Account Name: SY

Continue reading...
 
You must log in or register to reply here.

Similar threads

T
Log Name: Security Source: 4672 Task Category: Special Logon Level: Reasons why my pc is so slow
Replies
0
Views
271
Tom and Lisa
T
H
Windows Event ID 4624 & 4672 Causing my Fans ARGB & AIO ARGB to go Rainbow mode for about 0.5-1 second
Replies
0
Views
67
Hirwanizam MT
H
S
New clean install , gets infected right away. Had Windows pro , trying windows home. Still happening but less.
Replies
0
Views
76
Sævar Pálmi Sigurðsson
S
E
Event 4672, Special Logon
Replies
0
Views
468
Erfngel1
E
E
Crash after Windows audit
Replies
0
Views
317
ElijahShaw
E
Back
Top Bottom