Many ANONYMOUS LOGON in Security Event Log

[Guest]

Hi, I am using XP home + SP2. I happen to see there are many ANONYMOUS LOGON
in Security Event Log. The Event ID is 538 or 540 ( logon/off according to
google). Does this indicate some security problem in my computer?

I've been very sensitive after being infected by malwares recently. My
current system should be clean. But I hope to make sure.

 

[Carey Frisch [MVP]]

Managing Anonymous Logons
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prdd_sec_rqzo.asp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

---------------------------------------------------------------------------------

:

| Hi, I am using XP home + SP2. I happen to see there are many ANONYMOUS LOGON
| in Security Event Log. The Event ID is 538 or 540 ( logon/off according to
| google). Does this indicate some security problem in my computer?
|
| I've been very sensitive after being infected by malwares recently. My
| current system should be clean. But I hope to make sure.

 

[Guest]

Hi, I think you didn't notice I use XP home, which doesn't have Local
Security Policy in Administrative Tools.

 

[Carey Frisch [MVP]]

To install an IP Security Policy Management snap-in XP Home:

1. Click Start, and then click Run.
2. In the Open box, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in.
4. Click Add, and then double-click IP Security Policy Management.
5. Follow the instructions on your screen.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

--------------------------------------------------------------------------------------

:

| Hi, I think you didn't notice I use XP home, which doesn't have Local
| Security Policy in Administrative Tools.

 

[Colin Nash [MVP]]

Hi, I am using XP home + SP2. I happen to see there are many ANONYMOUS
LOGON
in Security Event Log. The Event ID is 538 or 540 ( logon/off according to
google). Does this indicate some security problem in my computer?

I've been very sensitive after being infected by malwares recently. My
current system should be clean. But I hope to make sure.

Are you networked with any other computers in your home?

 

[Guest]

Yes. I have other two computers at home. But At that time when I noticed
Anonymous Logon Event, both of them are not on.

 

[Guest]

Hi, I've added IP Security Policy Management. But I didn't see any
instructions on my screen. What should I do next? Thanks.

 

[Guest]

Can you explain what is anonymous logon/logoff and why it happens all the
time? Thank you very much.

 

[Guest]

Hi, Colin. Below this the info from the Event Viewer. I've googled NtLmSsp
but didn't find very instructive info. Can you have a look and give some
explanation?

Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x13711)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}