How can I tell from my event viewer if somone is trying or has hacked my system?

  • Thread starter Thread starter Bert
  • Start date Start date
B

Bert

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 10/21/2003
Time: 12:21:21 AM
User: NT AUTHORITY\SYSTEM
Computer:
Description:
A trusted logon process has registered with the Local
Security Authority. This logon process will be trusted to
submit logon requests.

Logon Process Name: KSecDD

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
If you are being hacked you will see logon failures or logons from users at times
when that user would not normally be using the computer, possibly showing strange
computer/domain names. Your best defense is a properly configured firewall, an
account lockout policy with say ten attempt threshold and ten minute lockout to
thwart dictionary/brute force attacks, and use complex passwords - particularly for
the built in administrator account which will be the top target and can not be locked
out, unless you use passprop to lock it out from network logons. --- Steve
 
Back
Top