Win8 Event ID 4797

Topic	Stats	Last action by
Need new Monitor in Hardware Hangout	5 Replies	Mindovermaster
Xbox: A New Generation Revealed in Microsoft Console	478 Replies	Veiva
Endless problems connecting to Youtube/Netflix/Facebook/Gmail in Internet, Network & Security	2 Replies	jaxguy
It's pronounced "jif" says GIF creator Steve Wilhite. in Back Page News	50 Replies	soniqstylz
AnandTech: Xbox One vs. PS4 - Hardware comparison in Gamers' Hangout	171 Replies	soniqstylz

#1 AR556

Neowinian UNSTOPPABLE

5,120 posts

Joined:

07-August 03

Posted 27 January 2013 - 15:30

Anyone ever see these on their Windows 8 machine in the security section of the log viewer? :wacko:

Quote

Event ID 4797

"An attempt was made to query the existence of a blank password for an account."

Subject:
Security ID:
Account Name:
Account Domain:
Logon ID:

Additional Information:
Caller Workstation:
Target Account Name: Guest

Ad Bot

Group: Treasury
Register: It's Free!

#2 DrHaze

Neowinian

3 posts

Joined:

29-January 13

Posted 29 January 2013 - 02:55

I am getting the same thing
Windows 8 X64 Pro Upgrade from Windows 7 x64
No One seems to be able to answer the question
Avast Antivirus
Comodo 6 Firewall
I get the 4797 for ALL of my accounts, GUEST, Administrator and the other two i have that have admin privileges.
it is at random but regularly/daily goes on

#3 Praetor

ASCii/ANSi Designer

916 posts

Joined:

05-June 02

Posted 29 January 2013 - 02:58

"Target Account Name: Guest"

an attack?

#4 +Fus10n

Linux Guru

2,155 posts

Joined:

08-July 04

Location: East Cost
OS: Debian | Windows 7 | Arch | OSX 10.7.5
Phone: Nexus 4 via AT&T Rooted

Posted 29 January 2013 - 03:01

Praetor, on 29 January 2013 - 02:58, said:

"Target Account Name: Guest"

an attack?

That is what I was thinking

#5 DrHaze

Neowinian

3 posts

Joined:

29-January 13

Posted 29 January 2013 - 04:37

It's definately some sort of attack. 21 times all accounts.

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 1/28/2013 11:34:08 PM
Event ID: 4797
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: phenom
Description:
An attempt was made to query the existence of a blank password for an account.

Subject:
Security ID: phenom\crusader
Account Name: crusader
Account Domain: phenom
Logon ID: 0xA068D

Additional Information:
Caller Workstation: PHENOM
Target Account Name: DrHaze
Target Account Domain: phenom
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4797</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2013-01-29T04:34:08.308305800Z" />
<EventRecordID>42164</EventRecordID>
<Correlation />
<Execution ProcessID="1000" ThreadID="3832" />
<Channel>Security</Channel>
<Computer>phenom</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-1124263850-194828415-1399416522-1001</Data>
<Data Name="SubjectUserName">crusader</Data>
<Data Name="SubjectDomainName">phenom</Data>
<Data Name="SubjectLogonId">0xa068d</Data>
<Data Name="Workstation">PHENOM</Data>
<Data Name="TargetUserName">DrHaze</Data>
<Data Name="TargetDomainName">phenom</Data>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 1/28/2013 11:34:08 PM
Event ID: 4797
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: phenom
Description:
An attempt was made to query the existence of a blank password for an account.

Entire log located here... http://pastie.org/5953014