cancel
Showing results for 
Search instead for 
Did you mean: 

mfevtp and Failure Audit

Hello all,

I am currently receiving a Failure Audit (Event ID 560) in my Windows Security log for Object Name: mfevtp on a Server 2003 system running VSE Patch 2.  I was able to find KB51187 that says that the event can be safely ignored for Object Name: McShield.  Can this be safely ignored as well?  The alert is listed below:

EventType:        Failure Audit

Event Source:   Security

EventCategory:               Object Access

EventID:             560

Date:                    5/19/2014

Time:                    1:54:02 PM

User:                    NT AUTHORITY\SYSTEM

Computer:         SystemName

Description:

Object Open:

              Object Server:   SC Manager

              Object Type:      SERVICE OBJECT

              Object Name:    mfevtp

              Handle ID:           -

              Operation ID:     {0,3097403}

              Process ID:          488

              Image FileName:            C:\WINDOWS\system32\services.exe

              Primary User Name:       UserName

              PrimaryDomain:             Domain

              Primary LogonID:           (0x0,0x3E7)

              Client User Name:          UserName

              Client Domain:  ClientDomain

              Client Logon ID:               (0x0,0x3E7)

              Accesses:           DELETE

                                                WRITE_OWNER

                                                Queryservice configuration information

                                                Setservice configuration information

                                                Querystatus of service

                                                Enumeratedependencies of service

                                                Startthe service

                                                Stopthe service

                                                Pauseor continue the service

                                                Queryinformation from service

                                                Issueservice-specific control commands

                Privileges:          -

              Restricted Sid Count:      0

              Access Mask:     0x901FF