cancel
Showing results for 
Search instead for 
Did you mean: 
KUNON
Level 7

Attack Event Log Guest Access Enabled detected from NT Authority

I found some problem about Host IPS, You can see the attached images.

We found this attack every clients, Who can explain this attack I don't know how I fix this ploblem.

status02.jpgstatus01.jpg

please suggest to solve this.

0 Kudos
1 Reply
bgable
Level 11

Re: Attack Event Log Guest Access Enabled detected from NT Authority

Reviewing old posts:

Signature 915 - Event log guest access enabled.

This event indicates an attempt to enable Guest access to one of the Windows NT Event Logs. The following three registry keys are located under the EventLog registry key: Application, Security, and System. These keys are found on every Windows system, and each key contains its own log settings. There may be additional keys such as Directory Service Log, DNS Service Log, and others.
Each of these keys contains a RestrictGuestAccess value that controls whether a Guest user has access to Event Log information. Allowing Guest access to the Event Log files typically eases the access restrictions on these files, and indicates an attempt to cover an attacker's tracks.

0 Kudos