Not sure where to turn as all my googling, reading and trying different things have failed to provide a solution so thought I would try the Windows experts if any are willing to offer suggestions. Over the last 3 days I have had over 36,000 security events which is a bit annoying due to the do-doot sounds as well as it grabbing focus every few seconds. A solution would be GREATLY appreciated. If I should delete this and not ask this here just tell me. I am sure it is coincidence but seemed to start when I started processing huge files using WinBatch...if that is enough of a hook to post the question :)
I have tried shutting down all the machines on my network (just a basic home/windows network)
Turning off my internet
closing most applications
uninstalled a few things
etc.
The events mostly comprise the following in large quantities:
###############################################################################
Audit Success 4/2/2019 1:42:01 PM Microsoft Windows security auditing. 4798 User Account Management
Process Information:
Process ID: 0x56a8
Process Name: C:\Windows\explorer.exe
###############################################################################
Audit Success 4/2/2019 1:41:07 PM Microsoft Windows security auditing. 4672 Special Logon
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
#######################################################################
Audit Success 4/2/2019 1:41:07 PM Microsoft Windows security auditing. 4624 Logon
An account was successfully logged on.
###############################################################
Audit Success 4/2/2019 1:33:51 PM Microsoft Windows security auditing. 5061 System Integrity
Cryptographic operation.
Subject:
Security ID: MyMachine/login
Account Name: login
Account Domain: machine
Logon ID: 0x4CB10
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: TB_0_office365.com
Key Type: User key.
Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
################################################
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/2/2019 3:34:35 PM
Event ID: 5058
Task Category: Other System Events
Level: Information
Keywords: Audit Success
User: N/A
Computer: machine
Description:
Key file operation.
Process Information:
Process ID: 16332
Process Creation Time: ?2019?-?04?-?02T20:34:29.444247200Z
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: te-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Key Type: User key.
Key File Operation Information:
File Path: C:\Users\.......\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-111111110-1111111174-655555555-1001\0afsdfasdfasdfasdfasdfasdfasdfa7_9asdfasd-15ertwert-bere-cfhghfghfghc
Operation: Read persisted key from file.
Return Code: 0x0
The 1st and most obvious question to ask:
What changed in your environment approximately 3 days ago when these event log entries started being generated in large quantities?
off-the-wall theory: maybe, just as an experiment, it might be good to log off/disconnect/uninstall office365, just to see if that has an effect? You can always reconnect later, I think. It seems like something is stuck in some sort of authentication loop, and I've heard that office365 does some pretty complex logic in that area...
Not even $0.02,
Kirby
A few other random unlikely possibilities include; a viral infection, old and invalid cached credentials, a changed email password, or none of the above.
Thanks all. Nothing changed of which I am aware but obviously something did. Became aware of it when I started processing tens of gigs of data but that seemed like an unlikely cause and more likely just was something with which it more blatantly interfered. Hadn't noticed the office-365 note until gathering the stuff for the post so will look in that direction. Although, one thing that does come to mind is that Windows was complaining the other day about a login being bad and I told it to fix it. Maybe something with that, which could be office365 related. I have a personal business acount and another work related account. Maybe they are fighting with each other???
Thanks again. This was helpful.
Jim
Thought I should report back since you were kind enough to reply. Still a problem but in some ways better. I think it does have something to do with the LARGE files with which I am working. Logged out of Office365 and then the error messages started referencing Carbonite. Realized it was backing up the files with which I am working so told it to skip those folders. Still get the Events though but has quieted down some. If I go and work on other stuff then it almost quits but when I return to those folders and that project it picks back up again. Oh well, I do appreciate the suggestions. Will see what happens when I finish this project.
Thanks again.
Jim
Turns out it was my mouse and also maybe my web cam. Didn't realize it would generate such errors if a mouse was bad but finally ran across a post somewhere in which someone mentioned a similar issue and their resolution. It got better after disconnecting my web cam but was getting worse again so just swapped mice and so far the problem has stopped.
Jim
wow! that's instructive. the mouse!
Thanks for posting Jim.
-K