Audit Failure alerts under Windows Event Viewer - Security log for domain user on ePO server
Last Modified: 2023-04-13 19:07:14 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Audit Failure alerts under Windows Event Viewer - Security log for domain user on ePO server
Technical Articles ID:
KB93248
Last Modified: 2023-04-13 19:07:14 Etc/GMT Environment
ePolicy Orchestrator 5.x Problem
In the Windows Event Viewer, the Audit Failure event is generated under the Security log. Error: Source: Microsoft-Windows-Security-Auditing Date: 15/11/2018 11:18:00 AM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: Computername.domain.com Description: An account failed to log on. Logon Type: 3 Account for which logon failed: Account Name: Domain_Account Account Domain: - Network Information: Source Network Address: xx.xx.xx.xx Source Port: Port_Number Cause
The issue occurs when the domain user is configured with incorrect password details under DLP Settings page or DLP Windows Client Configuration Policy for the DLP Evidence share folder.
Solution
Configure the domain user account with correct password details in DLP Settings and under every DLP Windows Client Configuration Policy. Perform the following configuration:
Affected ProductsLanguages:This article is available in the following languages: |
|