{
	"id": "2be4878d-d35c-45fd-87e0-5177cb610fdc",
	"created_at": "2026-04-06T00:08:09.80912Z",
	"updated_at": "2026-04-10T03:20:48.970525Z",
	"deleted_at": null,
	"sha1_hash": "1d7e535c6ff0ed28393705aa2a05146573e3744f",
	"title": "Audit Other Object Access Events - Windows 10",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38822,
	"plain_text": "Audit Other Object Access Events - Windows 10\r\nBy vinaypamnani-msft\r\nArchived: 2026-04-05 13:31:26 UTC\r\nAudit Other Object Access Events allows you to monitor operations with scheduled tasks, COM+ objects and\r\nindirect object access requests.\r\nEvent volume: Low.\r\nComputer\r\nType\r\nGeneral\r\nSuccess\r\nGeneral\r\nFailure\r\nStronger\r\nSuccess\r\nStronger\r\nFailure\r\nComments\r\nDomain\r\nController\r\nYes Yes Yes Yes\r\nWe recommend Success\r\nauditing first of all because of\r\nscheduled tasks events.\r\nWe recommend Failure\r\nauditing to get events about\r\npossible ICMP DoS attack.\r\nMember\r\nServer\r\nYes Yes Yes Yes\r\nWe recommend Success\r\nauditing first of all because of\r\nscheduled tasks events.\r\nWe recommend Failure\r\nauditing to get events about\r\npossible ICMP DoS attack.\r\nWorkstation Yes Yes Yes Yes\r\nWe recommend Success\r\nauditing first of all because of\r\nscheduled tasks events.\r\nWe recommend Failure\r\nauditing to get events about\r\npossible ICMP DoS attack.\r\nEvents List:\r\n4671(-): An application attempted to access a blocked ordinal through the TBS.\r\n4691(S): Indirect access to an object was requested.\r\n5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets\r\nassociated with this attack will be discarded.\r\n5149(F): The DoS attack has subsided and normal processing is being resumed.\r\nhttps://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events\r\nPage 1 of 2\n\n4698(S): A scheduled task was created.\r\n4699(S): A scheduled task was deleted.\r\n4700(S): A scheduled task was enabled.\r\n4701(S): A scheduled task was disabled.\r\n4702(S): A scheduled task was updated.\r\n5888(S): An object in the COM+ Catalog was modified.\r\n5889(S): An object was deleted from the COM+ Catalog.\r\n5890(S): An object was added to the COM+ Catalog.\r\nSource: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events\r\nhttps://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events"
	],
	"report_names": [
		"audit-other-object-access-events"
	],
	"threat_actors": [],
	"ts_created_at": 1775434089,
	"ts_updated_at": 1775791248,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1d7e535c6ff0ed28393705aa2a05146573e3744f.pdf",
		"text": "https://archive.orkl.eu/1d7e535c6ff0ed28393705aa2a05146573e3744f.txt",
		"img": "https://archive.orkl.eu/1d7e535c6ff0ed28393705aa2a05146573e3744f.jpg"
	}
}