10 Replies Latest reply on May 4, 2016 3:17 PM by jamesatloop1

    4656 event log with FIM on windows 7 machine filter

    marcusmm8

      I get the event below from a windows 7 workstaion frequently. Thoughts?

       

      Event FieldInformation
      OperationTypeObjectOpenFailure
      AccessPropertiesMask: -
      ServingProcess{0x314,0}
      OperationID{00000000-0000-0000-0000-000000000000}
      ObjectHandleID0x0
      ObjectNamePlugPlaySecurityObject
      ObjectTypeSecurity
      ObjectServerPlugPlayManager
      PrivilegesExercised0x2
      AccessRequestedUnknown specific access (bit 1)
      DestinationLogonID
      DestinationDomain
      DestinationAccount
      SourceLogonID0x2cebe
      SourceDomainBBBBBBB
      SourceAccountZZZZZZZ
      ExtraneousInfo
      ProviderSIDMicrosoft-Windows-Security-Auditing 4656
      InferenceRule
      ToolAliasVista Security
      Severity3
      DetectionTime12:50:08 Thu Apr 28 2016
      InsertionTime12:50:09 Thu Apr 28 2016
      DetectionIPXXXXXX
      ManagerYYYYYYY
      InsertionIPXXXXXX
      EventInfoObject open failed "PlugPlayManager (Security) PlugPlaySecurityObject"
      Event NameObjectAuditFailure