{
	"id": "f55dc790-2e6f-42f8-b34b-707bd47e6b53",
	"created_at": "2026-04-06T00:21:06.53258Z",
	"updated_at": "2026-04-10T03:20:20.871087Z",
	"deleted_at": null,
	"sha1_hash": "ad5aa9cfa47744aaff8251d2779229a2595ee935",
	"title": "Windows Security Log Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 345073,
	"plain_text": "Windows Security Log Encyclopedia\r\nArchived: 2026-04-02 10:48:51 UTC\r\nWindows 1100 The event logging service has shut down\r\nWindows 1101 Audit events have been dropped by the transport.\r\nWindows 1102 The audit log was cleared\r\nWindows 1104 The security Log is now full\r\nWindows 1105 Event log automatic backup\r\nWindows 1108 The event logging service encountered an error\r\nWindows 4608 Windows is starting up\r\nWindows 4609 Windows is shutting down\r\nWindows 4610 An authentication package has been loaded by the Local Security Authority\r\nWindows 4611 A trusted logon process has been registered with the Local Security Authority\r\nWindows 4612\r\nInternal resources allocated for the queuing of audit messages have been exhausted,\r\nleading to the loss of some audits.\r\nWindows 4614 A notification package has been loaded by the Security Account Manager.\r\nWindows 4615 Invalid use of LPC port\r\nWindows 4616 The system time was changed.\r\nWindows 4618 A monitored security event pattern has occurred\r\nWindows 4621 Administrator recovered system from CrashOnAuditFail\r\nWindows 4622 A security package has been loaded by the Local Security Authority.\r\nWindows 4624 An account was successfully logged on\r\nWindows 4625 An account failed to log on\r\nWindows 4626 User/Device claims information\r\nWindows 4627 Group membership information.\r\nWindows 4634 An account was logged off\r\nhttps://www.ultimatewindowssecurity.com/securitylog/encyclopedia/\r\nPage 1 of 18\n\nWindows 4646 IKE DoS-prevention mode started\r\nWindows 4647 User initiated logoff\r\nWindows 4648 A logon was attempted using explicit credentials\r\nWindows 4649 A replay attack was detected\r\nWindows 4650 An IPsec Main Mode security association was established\r\nWindows 4651 An IPsec Main Mode security association was established\r\nWindows 4652 An IPsec Main Mode negotiation failed\r\nWindows 4653 An IPsec Main Mode negotiation failed\r\nWindows 4654 An IPsec Quick Mode 
negotiation failed\r\nWindows 4655 An IPsec Main Mode security association ended\r\nWindows 4656 A handle to an object was requested\r\nWindows 4657 A registry value was modified\r\nWindows 4658 The handle to an object was closed\r\nWindows 4659 A handle to an object was requested with intent to delete\r\nWindows 4660 An object was deleted\r\nWindows 4661 A handle to an object was requested\r\nWindows 4662 An operation was performed on an object\r\nWindows 4663 An attempt was made to access an object\r\nWindows 4664 An attempt was made to create a hard link\r\nWindows 4665 An attempt was made to create an application client context.\r\nWindows 4666 An application attempted an operation\r\nWindows 4667 An application client context was deleted\r\nWindows 4668 An application was initialized\r\nWindows 4670 Permissions on an object were changed\r\nWindows 4671 An application attempted to access a blocked ordinal through the TBS\r\nWindows 4672 Special privileges assigned to new logon\r\nWindows 4673 A privileged service was called\r\nWindows 4674 An operation was attempted on a privileged object\r\nWindows 4675 SIDs were filtered\r\nWindows 4688 A new process has been created\r\nWindows 4689 A process has exited\r\nWindows 4690 An attempt was made to duplicate a handle to an object\r\nWindows 4691 Indirect access to an object was requested\r\nWindows 4692 Backup of data protection master key was attempted\r\nWindows 4693 Recovery of data protection master key was attempted\r\nWindows 4694 Protection of auditable protected data was attempted\r\nWindows 4695 Unprotection of auditable protected data was attempted\r\nWindows 4696 A primary token was assigned to process\r\nWindows 4697 A service was installed in the system\r\nWindows 4698 A scheduled task was created\r\nWindows 4699 A scheduled task was deleted\r\nWindows 4700 A scheduled task was enabled\r\nWindows 4701 A scheduled task 
was disabled\r\nWindows 4702 A scheduled task was updated\r\nWindows 4703 A token right was adjusted\r\nWindows 4704 A user right was assigned\r\nWindows 4705 A user right was removed\r\nWindows 4706 A new trust was created to a domain\r\nWindows 4707 A trust to a domain was removed\r\nWindows 4709 IPsec Services was started\r\nWindows 4710 IPsec Services was disabled\r\nWindows 4711 PAStore Engine (1%)\r\nWindows 4712 IPsec Services encountered a potentially serious failure\r\nWindows 4713 Kerberos policy was changed\r\nWindows 4714 Encrypted data recovery policy was changed\r\nWindows 4715 The audit policy (SACL) on an object was changed\r\nWindows 4716 Trusted domain information was modified\r\nWindows 4717 System security access was granted to an account\r\nWindows 4718 System security access was removed from an account\r\nWindows 4719 System audit policy was changed\r\nWindows 4720 A user account was created\r\nWindows 4722 A user account was enabled\r\nWindows 4723 An attempt was made to change an account's password\r\nWindows 4724 An attempt was made to reset an accounts password\r\nWindows 4725 A user account was disabled\r\nWindows 4726 A user account was deleted\r\nWindows 4727 A security-enabled global group was created\r\nWindows 4728 A member was added to a security-enabled global group\r\nWindows 4729 A member was removed from a security-enabled global group\r\nWindows 4730 A security-enabled global group was deleted\r\nWindows 4731 A security-enabled local group was created\r\nWindows 4732 A member was added to a security-enabled local group\r\nWindows 4733 A member was removed from a security-enabled local group\r\nWindows 4734 A security-enabled local group was deleted\r\nWindows 4735 A security-enabled local group was changed\r\nWindows 4737 A security-enabled global group was changed\r\nWindows 4738 A user account was changed\r\nWindows 4739 Domain Policy was 
changed\r\nWindows 4740 A user account was locked out\r\nWindows 4741 A computer account was created\r\nWindows 4742 A computer account was changed\r\nWindows 4743 A computer account was deleted\r\nWindows 4744 A security-disabled local group was created\r\nWindows 4745 A security-disabled local group was changed\r\nWindows 4746 A member was added to a security-disabled local group\r\nWindows 4747 A member was removed from a security-disabled local group\r\nWindows 4748 A security-disabled local group was deleted\r\nWindows 4749 A security-disabled global group was created\r\nWindows 4750 A security-disabled global group was changed\r\nWindows 4751 A member was added to a security-disabled global group\r\nWindows 4752 A member was removed from a security-disabled global group\r\nWindows 4753 A security-disabled global group was deleted\r\nWindows 4754 A security-enabled universal group was created\r\nWindows 4755 A security-enabled universal group was changed\r\nWindows 4756 A member was added to a security-enabled universal group\r\nWindows 4757 A member was removed from a security-enabled universal group\r\nWindows 4758 A security-enabled universal group was deleted\r\nWindows 4759 A security-disabled universal group was created\r\nWindows 4760 A security-disabled universal group was changed\r\nWindows 4761 A member was added to a security-disabled universal group\r\nWindows 4762 A member was removed from a security-disabled universal group\r\nWindows 4763 A security-disabled universal group was deleted\r\nWindows 4764 A groups type was changed\r\nWindows 4765 SID History was added to an account\r\nWindows 4766 An attempt to add SID History to an account failed\r\nWindows 4767 A user account was unlocked\r\nWindows 4768 A Kerberos authentication ticket (TGT) was requested\r\nWindows 4769 A Kerberos service ticket was 
requested\r\nWindows 4770 A Kerberos service ticket was renewed\r\nWindows 4771 Kerberos pre-authentication failed\r\nWindows 4772 A Kerberos authentication ticket request failed\r\nWindows 4773 A Kerberos service ticket request failed\r\nWindows 4774 An account was mapped for logon\r\nWindows 4775 An account could not be mapped for logon\r\nWindows 4776 The domain controller attempted to validate the credentials for an account\r\nWindows 4777 The domain controller failed to validate the credentials for an account\r\nWindows 4778 A session was reconnected to a Window Station\r\nWindows 4779 A session was disconnected from a Window Station\r\nWindows 4780 The ACL was set on accounts which are members of administrators groups\r\nWindows 4781 The name of an account was changed\r\nWindows 4782 The password hash an account was accessed\r\nWindows 4783 A basic application group was created\r\nWindows 4784 A basic application group was changed\r\nWindows 4785 A member was added to a basic application group\r\nWindows 4786 A member was removed from a basic application group\r\nWindows 4787 A non-member was added to a basic application group\r\nWindows 4788 A non-member was removed from a basic application group..\r\nWindows 4789 A basic application group was deleted\r\nWindows 4790 An LDAP query group was created\r\nWindows 4791 A basic application group was changed\r\nWindows 4792 An LDAP query group was deleted\r\nWindows 4793 The Password Policy Checking API was called\r\nWindows 4794\r\nAn attempt was made to set the Directory Services Restore Mode administrator\r\npassword\r\nWindows 4797 An attempt was made to query the existence of a blank password for an account\r\nWindows 4798 A user's local group membership was enumerated.\r\nWindows 4799 A security-enabled local group membership was 
enumerated\r\nWindows 4800 The workstation was locked\r\nWindows 4801 The workstation was unlocked\r\nWindows 4802 The screen saver was invoked\r\nWindows 4803 The screen saver was dismissed\r\nWindows 4816 RPC detected an integrity violation while decrypting an incoming message\r\nWindows 4817 Auditing settings on object were changed.\r\nWindows 4818\r\nProposed Central Access Policy does not grant the same access permissions as the\r\ncurrent Central Access Policy\r\nWindows 4819 Central Access Policies on the machine have been changed\r\nWindows 4820\r\nA Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet\r\nthe access control restrictions\r\nWindows 4821\r\nA Kerberos service ticket was denied because the user, device, or both does not meet the\r\naccess control restrictions\r\nWindows 4822\r\nNTLM authentication failed because the account was a member of the Protected User\r\ngroup\r\nWindows 4823 NTLM authentication failed because access control restrictions are required\r\nWindows 4824\r\nKerberos preauthentication by using DES or RC4 failed because the account was a\r\nmember of the Protected User group\r\nWindows 4825\r\nA user was denied the access to Remote Desktop. 
By default, users are allowed to\r\nconnect only if they are members of the Remote Desktop Users group or Administrators\r\ngroup\r\nWindows 4826 Boot Configuration Data loaded\r\nWindows 4830 SID History was removed from an account\r\nWindows 4864 A namespace collision was detected\r\nWindows 4865 A trusted forest information entry was added\r\nWindows 4866 A trusted forest information entry was removed\r\nWindows 4867 A trusted forest information entry was modified\r\nWindows 4868 The certificate manager denied a pending certificate request\r\nWindows 4869 Certificate Services received a resubmitted certificate request\r\nWindows 4870 Certificate Services revoked a certificate\r\nWindows 4871 Certificate Services received a request to publish the certificate revocation list (CRL)\r\nWindows 4872 Certificate Services published the certificate revocation list (CRL)\r\nWindows 4873 A certificate request extension changed\r\nWindows 4874 One or more certificate request attributes changed.\r\nWindows 4875 Certificate Services received a request to shut down\r\nWindows 4876 Certificate Services backup started\r\nWindows 4877 Certificate Services backup completed\r\nWindows 4878 Certificate Services restore started\r\nWindows 4879 Certificate Services restore completed\r\nWindows 4880 Certificate Services started\r\nWindows 4881 Certificate Services stopped\r\nWindows 4882 The security permissions for Certificate Services changed\r\nWindows 4883 Certificate Services retrieved an archived key\r\nWindows 4884 Certificate Services imported a certificate into its database\r\nWindows 4885 The audit filter for Certificate Services changed\r\nWindows 4886 Certificate Services received a certificate request\r\nWindows 4887 Certificate Services approved a certificate request and issued a certificate\r\nWindows 4888 Certificate Services denied a certificate request\r\nWindows 4889 Certificate 
Services set the status of a certificate request to pending\r\nWindows 4890 The certificate manager settings for Certificate Services changed.\r\nWindows 4891 A configuration entry changed in Certificate Services\r\nWindows 4892 A property of Certificate Services changed\r\nWindows 4893 Certificate Services archived a key\r\nWindows 4894 Certificate Services imported and archived a key\r\nWindows 4895 Certificate Services published the CA certificate to Active Directory Domain Services\r\nWindows 4896 One or more rows have been deleted from the certificate database\r\nWindows 4897 Role separation enabled\r\nWindows 4898 Certificate Services loaded a template\r\nWindows 4899 A Certificate Services template was updated\r\nWindows 4900 Certificate Services template security was updated\r\nWindows 4902 The Per-user audit policy table was created\r\nWindows 4904 An attempt was made to register a security event source\r\nWindows 4905 An attempt was made to unregister a security event source\r\nWindows 4906 The CrashOnAuditFail value has changed\r\nWindows 4907 Auditing settings on object were changed\r\nWindows 4908 Special Groups Logon table modified\r\nWindows 4909 The local policy settings for the TBS were changed\r\nWindows 4910 The group policy settings for the TBS were changed\r\nWindows 4911 Resource attributes of the object were changed\r\nWindows 4912 Per User Audit Policy was changed\r\nWindows 4913 Central Access Policy on the object was changed\r\nWindows 4928 An Active Directory replica source naming context was established\r\nWindows 4929 An Active Directory replica source naming context was removed\r\nWindows 4930 An Active Directory replica source naming context was modified\r\nWindows 4931 An Active Directory replica destination naming context was modified\r\nWindows 4932 Synchronization of a replica of an Active Directory naming context has begun\r\nWindows 4933 
Synchronization of a replica of an Active Directory naming context has ended\r\nWindows 4934 Attributes of an Active Directory object were replicated\r\nWindows 4935 Replication failure begins\r\nWindows 4936 Replication failure ends\r\nWindows 4937 A lingering object was removed from a replica\r\nWindows 4944 The following policy was active when the Windows Firewall started\r\nWindows 4945 A rule was listed when the Windows Firewall started\r\nWindows 4946 A change has been made to Windows Firewall exception list. A rule was added\r\nWindows 4947 A change has been made to Windows Firewall exception list. A rule was modified\r\nWindows 4948 A change has been made to Windows Firewall exception list. A rule was deleted\r\nWindows 4949 Windows Firewall settings were restored to the default values\r\nWindows 4950 A Windows Firewall setting has changed\r\nWindows 4951\r\nA rule has been ignored because its major version number was not recognized by\r\nWindows Firewall\r\nWindows 4952\r\nParts of a rule have been ignored because its minor version number was not recognized\r\nby Windows Firewall\r\nWindows 4953 A rule has been ignored by Windows Firewall because it could not parse the rule\r\nWindows 4954\r\nWindows Firewall Group Policy settings has changed. 
The new settings have been\r\napplied\r\nWindows 4956 Windows Firewall has changed the active profile\r\nWindows 4957 Windows Firewall did not apply the following rule\r\nWindows 4958\r\nWindows Firewall did not apply the following rule because the rule referred to items not\r\nconfigured on this computer\r\nWindows 4960 IPsec dropped an inbound packet that failed an integrity check\r\nWindows 4961 IPsec dropped an inbound packet that failed a replay check\r\nWindows 4962 IPsec dropped an inbound packet that failed a replay check\r\nWindows 4963 IPsec dropped an inbound clear text packet that should have been secured\r\nWindows 4964 Special groups have been assigned to a new logon\r\nWindows 4965\r\nIPsec received a packet from a remote computer with an incorrect Security Parameter\r\nIndex (SPI).\r\nWindows 4976 During Main Mode negotiation, IPsec received an invalid negotiation packet.\r\nWindows 4977 During Quick Mode negotiation, IPsec received an invalid negotiation packet.\r\nWindows 4978 During Extended Mode negotiation, IPsec received an invalid negotiation packet.\r\nWindows 4979 IPsec Main Mode and Extended Mode security associations were established.\r\nWindows 4980 IPsec Main Mode and Extended Mode security associations were established\r\nWindows 4981 IPsec Main Mode and Extended Mode security associations were established\r\nWindows 4982 IPsec Main Mode and Extended Mode security associations were established\r\nWindows 4983 An IPsec Extended Mode negotiation failed\r\nWindows 4984 An IPsec Extended Mode negotiation failed\r\nWindows 4985 The state of a transaction has changed\r\nWindows 5024 The Windows Firewall Service has started successfully\r\nWindows 5025 The Windows Firewall Service has been stopped\r\nWindows 5027\r\nThe Windows Firewall Service was unable to retrieve the security policy from the local\r\nstorage\r\nWindows 5028 The Windows Firewall Service 
was unable to parse the new security policy.\r\nWindows 5029 The Windows Firewall Service failed to initialize the driver\r\nWindows 5030 The Windows Firewall Service failed to start\r\nWindows 5031\r\nThe Windows Firewall Service blocked an application from accepting incoming\r\nconnections on the network.\r\nWindows 5032\r\nWindows Firewall was unable to notify the user that it blocked an application from\r\naccepting incoming connections on the network\r\nWindows 5033 The Windows Firewall Driver has started successfully\r\nWindows 5034 The Windows Firewall Driver has been stopped\r\nWindows 5035 The Windows Firewall Driver failed to start\r\nWindows 5037 The Windows Firewall Driver detected critical runtime error. Terminating\r\nWindows 5038 Code integrity determined that the image hash of a file is not valid\r\nWindows 5039 A registry key was virtualized.\r\nWindows 5040 A change has been made to IPsec settings. An Authentication Set was added.\r\nWindows 5041 A change has been made to IPsec settings. An Authentication Set was modified\r\nWindows 5042 A change has been made to IPsec settings. An Authentication Set was deleted\r\nWindows 5043 A change has been made to IPsec settings. A Connection Security Rule was added\r\nWindows 5044 A change has been made to IPsec settings. A Connection Security Rule was modified\r\nWindows 5045 A change has been made to IPsec settings. A Connection Security Rule was deleted\r\nWindows 5046 A change has been made to IPsec settings. A Crypto Set was added\r\nWindows 5047 A change has been made to IPsec settings. A Crypto Set was modified\r\nWindows 5048 A change has been made to IPsec settings. 
A Crypto Set was deleted\r\nWindows 5049 An IPsec Security Association was deleted\r\nWindows 5050\r\nAn attempt to programmatically disable the Windows Firewall using a call to\r\nINetFwProfile.FirewallEnabled(FALSE\r\nWindows 5051 A file was virtualized\r\nWindows 5056 A cryptographic self test was performed\r\nWindows 5057 A cryptographic primitive operation failed\r\nWindows 5058 Key file operation\r\nWindows 5059 Key migration operation\r\nWindows 5060 Verification operation failed\r\nWindows 5061 Cryptographic operation\r\nWindows 5062 A kernel-mode cryptographic self test was performed\r\nWindows 5063 A cryptographic provider operation was attempted\r\nWindows 5064 A cryptographic context operation was attempted\r\nWindows 5065 A cryptographic context modification was attempted\r\nWindows 5066 A cryptographic function operation was attempted\r\nWindows 5067 A cryptographic function modification was attempted\r\nWindows 5068 A cryptographic function provider operation was attempted\r\nWindows 5069 A cryptographic function property operation was attempted\r\nWindows 5070 A cryptographic function property operation was attempted\r\nWindows 5071 Key access denied by Microsoft key distribution service\r\nWindows 5120 OCSP Responder Service Started\r\nWindows 5121 OCSP Responder Service Stopped\r\nWindows 5122 A Configuration entry changed in the OCSP Responder Service\r\nWindows 5123 A configuration entry changed in the OCSP Responder Service\r\nWindows 5124 A security setting was updated on OCSP Responder Service\r\nWindows 5125 A request was submitted to OCSP Responder Service\r\nWindows 5126 Signing Certificate was automatically updated by the OCSP Responder Service\r\nWindows 5127 The OCSP Revocation Provider successfully updated the revocation information\r\nWindows 5136 A directory service object was modified\r\nWindows 5137 A directory service object was 
created\r\nWindows 5138 A directory service object was undeleted\r\nWindows 5139 A directory service object was moved\r\nWindows 5140 A network share object was accessed\r\nWindows 5141 A directory service object was deleted\r\nWindows 5142 A network share object was added.\r\nWindows 5143 A network share object was modified\r\nWindows 5144 A network share object was deleted.\r\nWindows 5145 A network share object was checked to see whether client can be granted desired access\r\nWindows 5146 The Windows Filtering Platform has blocked a packet\r\nWindows 5147 A more restrictive Windows Filtering Platform filter has blocked a packet\r\nWindows 5148\r\nThe Windows Filtering Platform has detected a DoS attack and entered a defensive\r\nmode; packets associated with this attack will be discarded.\r\nWindows 5149 The DoS attack has subsided and normal processing is being resumed.\r\nWindows 5150 The Windows Filtering Platform has blocked a packet.\r\nWindows 5151 A more restrictive Windows Filtering Platform filter has blocked a packet.\r\nWindows 5152 The Windows Filtering Platform blocked a packet\r\nWindows 5153 A more restrictive Windows Filtering Platform filter has blocked a packet\r\nWindows 5154\r\nThe Windows Filtering Platform has permitted an application or service to listen on a\r\nport for incoming connections\r\nWindows 5155\r\nThe Windows Filtering Platform has blocked an application or service from listening on\r\na port for incoming connections\r\nWindows 5156 The Windows Filtering Platform has allowed a connection\r\nWindows 5157 The Windows Filtering Platform has blocked a connection\r\nWindows 5158 The Windows Filtering Platform has permitted a bind to a local port\r\nWindows 5159 The Windows Filtering Platform has blocked a bind to a local port\r\nWindows 5168 Spn check for SMB/SMB2 fails.\r\nWindows 5169 A directory service object was modified\r\nWindows 5170 A 
directory service object was modified during a background cleanup task\r\nWindows 5376 Credential Manager credentials were backed up\r\nWindows 5377 Credential Manager credentials were restored from a backup\r\nWindows 5378 The requested credentials delegation was disallowed by policy\r\nWindows 5379 Credential Manager credentials were read\r\nWindows 5380 Vault Find Credential\r\nWindows 5381 Vault credentials were read\r\nWindows 5382 Vault credentials were read\r\nWindows 5440\r\nThe following callout was present when the Windows Filtering Platform Base Filtering\r\nEngine started\r\nWindows 5441\r\nThe following filter was present when the Windows Filtering Platform Base Filtering\r\nEngine started\r\nWindows 5442\r\nThe following provider was present when the Windows Filtering Platform Base Filtering\r\nEngine started\r\nWindows 5443\r\nThe following provider context was present when the Windows Filtering Platform Base\r\nFiltering Engine started\r\nWindows 5444\r\nThe following sub-layer was present when the Windows Filtering Platform Base\r\nFiltering Engine started\r\nWindows 5446 A Windows Filtering Platform callout has been changed\r\nWindows 5447 A Windows Filtering Platform filter has been changed\r\nWindows 5448 A Windows Filtering Platform provider has been changed\r\nWindows 5449 A Windows Filtering Platform provider context has been changed\r\nWindows 5450 A Windows Filtering Platform sub-layer has been changed\r\nWindows 5451 An IPsec Quick Mode security association was established\r\nWindows 5452 An IPsec Quick Mode security association ended\r\nWindows 5453\r\nAn IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec\r\nKeying Modules (IKEEXT) service is not started\r\nWindows 5456 PAStore Engine applied Active Directory storage IPsec policy on the computer\r\nWindows 5457 PAStore Engine failed to apply Active Directory storage IPsec 
policy on the computer\r\nWindows 5458\r\nPAStore Engine applied locally cached copy of Active Directory storage IPsec policy on\r\nthe computer\r\nWindows 5459\r\nPAStore Engine failed to apply locally cached copy of Active Directory storage IPsec\r\npolicy on the computer\r\nWindows 5460 PAStore Engine applied local registry storage IPsec policy on the computer\r\nWindows 5461 PAStore Engine failed to apply local registry storage IPsec policy on the computer\r\nWindows 5462 PAStore Engine failed to apply some rules of the active IPsec policy on the computer\r\nWindows 5463 PAStore Engine polled for changes to the active IPsec policy and detected no changes\r\nWindows 5464\r\nPAStore Engine polled for changes to the active IPsec policy, detected changes, and\r\napplied them to IPsec Services\r\nWindows 5465\r\nPAStore Engine received a control for forced reloading of IPsec policy and processed\r\nthe control successfully\r\nWindows 5466\r\nPAStore Engine polled for changes to the Active Directory IPsec policy, determined that\r\nActive Directory cannot be reached, and will use the cached copy of the Active\r\nDirectory IPsec policy instead\r\nWindows 5467\r\nPAStore Engine polled for changes to the Active Directory IPsec policy, determined that\r\nActive Directory can be reached, and found no changes to the policy\r\nWindows 5468\r\nPAStore Engine polled for changes to the Active Directory IPsec policy, determined that\r\nActive Directory can be reached, found changes to the policy, and applied those changes\r\nWindows 5471 PAStore Engine loaded local storage IPsec policy on the computer\r\nWindows 5472 PAStore Engine failed to load local storage IPsec policy on the computer\r\nWindows 5473 PAStore Engine loaded directory storage IPsec policy on the computer\r\nWindows 5474 PAStore Engine failed to load directory storage IPsec policy on the computer\r\nWindows 5477 PAStore Engine 
failed to add quick mode filter\r\nWindows 5478 IPsec Services has started successfully\r\nWindows 5479 IPsec Services has been shut down successfully\r\nWindows 5480 IPsec Services failed to get the complete list of network interfaces on the computer\r\nWindows 5483 IPsec Services failed to initialize RPC server. IPsec Services could not be started\r\nWindows 5484 IPsec Services has experienced a critical failure and has been shut down\r\nWindows 5485\r\nIPsec Services failed to process some IPsec filters on a plug-and-play event for network\r\ninterfaces\r\nWindows 5632 A request was made to authenticate to a wireless network\r\nWindows 5633 A request was made to authenticate to a wired network\r\nWindows 5712 A Remote Procedure Call (RPC) was attempted\r\nWindows 5888 An object in the COM+ Catalog was modified\r\nWindows 5889 An object was deleted from the COM+ Catalog\r\nWindows 5890 An object was added to the COM+ Catalog\r\nWindows 6144 Security policy in the group policy objects has been applied successfully\r\nWindows 6145 One or more errors occured while processing security policy in the group policy objects\r\nWindows 6272 Network Policy Server granted access to a user\r\nWindows 6273 Network Policy Server denied access to a user\r\nWindows 6274 Network Policy Server discarded the request for a user\r\nWindows 6275 Network Policy Server discarded the accounting request for a user\r\nWindows 6276 Network Policy Server quarantined a user\r\nWindows 6277\r\nNetwork Policy Server granted access to a user but put it on probation because the host\r\ndid not meet the defined health policy\r\nWindows 6278\r\nNetwork Policy Server granted full access to a user because the host met the defined\r\nhealth policy\r\nWindows 6279\r\nNetwork Policy Server locked the user account due to repeated failed authentication\r\nattempts\r\nWindows 6280 Network Policy Server unlocked the user 
account\r\nWindows 6281 Code Integrity determined that the page hashes of an image file are not valid...\r\nWindows 6400\r\nBranchCache: Received an incorrectly formatted response while discovering availability\r\nof content.\r\nWindows 6401 BranchCache: Received invalid data from a peer. Data discarded.\r\nWindows 6402 BranchCache: The message to the hosted cache offering it data is incorrectly formatted.\r\nWindows 6403\r\nBranchCache: The hosted cache sent an incorrectly formatted response to the client's\r\nmessage to offer it data.\r\nWindows 6404\r\nBranchCache: Hosted cache could not be authenticated using the provisioned SSL\r\ncertificate.\r\nWindows 6405 BranchCache: %2 instance(s) of event id %1 occurred.\r\nWindows 6406 %1 registered to Windows Firewall to control filtering for the following:\r\nWindows 6407 %1\r\nWindows 6408\r\nRegistered product %1 failed and Windows Firewall is now controlling the filtering for\r\n%2.\r\nWindows 6409 BranchCache: A service connection point object could not be parsed\r\nWindows 6410\r\nCode integrity determined that a file does not meet the security requirements to load into\r\na process. 
This could be due to the use of shared sections or other issues\r\nWindows 6416 A new external device was recognized by the system.\r\nWindows 6417 The FIPS mode crypto selftests succeeded\r\nWindows 6418 The FIPS mode crypto selftests failed\r\nWindows 6419 A request was made to disable a device\r\nWindows 6420 A device was disabled\r\nWindows 6421 A request was made to enable a device\r\nWindows 6422 A device was enabled\r\nWindows 6423 The installation of this device is forbidden by system policy\r\nWindows 6424\r\nThe installation of this device was allowed, after having previously been forbidden by\r\npolicy\r\nWindows 8191 Highest System-Defined Audit Message Value\r\nSource: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/"
	],
	"report_names": [
		"encyclopedia"
	],
	"threat_actors": [],
	"ts_created_at": 1775434866,
	"ts_updated_at": 1775791220,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ad5aa9cfa47744aaff8251d2779229a2595ee935.pdf",
		"text": "https://archive.orkl.eu/ad5aa9cfa47744aaff8251d2779229a2595ee935.txt",
		"img": "https://archive.orkl.eu/ad5aa9cfa47744aaff8251d2779229a2595ee935.jpg"
	}
}