I used Zone Alarm security and suspect I inadvertantly allowed a malicious
login into my trust local network. The event log read:
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 1/23/2006
Time: 12:18:12 AM
User: ZZTOP\SEC
Computer: ZZTOP
Description:
A provider, OffProv10, has been registered in the WMI namespace,
Root\MSAPPS10, but did not specify the HostingModel property. This provider
will be run using the LocalSystem account. This account is privileged and
the provider may cause a security violation if it does not correctly
impersonate user requests. Ensure that provider has been reviewed for
security behavior and update the HostingModel property of the provider
registration to an account with the least privileges possible for the
required functionality.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Thank you!

Steve

OffProv10 is for Microsoft Office XP = Microsoft Word 2002 = 10

OFFPRV10.EXE is Office Data Provider for WBEM
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.EXE

OFFPRV10.DLL is Office Data Provider Proxy/Stub
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.DLL

Event ID 63 occurs when you run the Microsoft System Information program
from Office 2003
http://support.microsoft.com/default...scid=kb/891642

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:54E70A31-8875-43D5-81A4-(E-Mail Removed),
Steve C. <Steve C.@discussions.microsoft.com> hunted and pecked:
> I used Zone Alarm security and suspect I inadvertantly allowed a malicious
> login into my trust local network. The event log read:
> Event Type: Warning
> Event Source: WinMgmt
> Event Category: None
> Event ID: 5603
> Date: 1/23/2006
> Time: 12:18:12 AM
> User: ZZTOP\SEC
> Computer: ZZTOP
> Description:
> A provider, OffProv10, has been registered in the WMI namespace,
> Root\MSAPPS10, but did not specify the HostingModel property. This
> provider will be run using the LocalSystem account. This account is
> privileged and the provider may cause a security violation if it does not
> correctly impersonate user requests. Ensure that provider has been
> reviewed for security behavior and update the HostingModel property of
> the provider registration to an account with the least privileges
> possible for the required functionality.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Thank you!
>
> Steve

Thank you Wesley!

"Wesley Vogel" wrote:

> OffProv10 is for Microsoft Office XP = Microsoft Word 2002 = 10
>
> OFFPRV10.EXE is Office Data Provider for WBEM
> C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.EXE
>
> OFFPRV10.DLL is Office Data Provider Proxy/Stub
> C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.DLL
>
> Event ID 63 occurs when you run the Microsoft System Information program
> from Office 2003
> http://support.microsoft.com/default...scid=kb/891642
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:54E70A31-8875-43D5-81A4-(E-Mail Removed),
> Steve C. <Steve C.@discussions.microsoft.com> hunted and pecked:
> > I used Zone Alarm security and suspect I inadvertantly allowed a malicious
> > login into my trust local network. The event log read:
> > Event Type: Warning
> > Event Source: WinMgmt
> > Event Category: None
> > Event ID: 5603
> > Date: 1/23/2006
> > Time: 12:18:12 AM
> > User: ZZTOP\SEC
> > Computer: ZZTOP
> > Description:
> > A provider, OffProv10, has been registered in the WMI namespace,
> > Root\MSAPPS10, but did not specify the HostingModel property. This
> > provider will be run using the LocalSystem account. This account is
> > privileged and the provider may cause a security violation if it does not
> > correctly impersonate user requests. Ensure that provider has been
> > reviewed for security behavior and update the HostingModel property of
> > the provider registration to an account with the least privileges
> > possible for the required functionality.
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > Thank you!
> >
> > Steve
>
>