What is the Event Viewer telling me?

  • Thread starter: Lorne

Lorne

I just found the event viewer in the program menu under admin tools. When I
click the Security tab it lists what looks like a series of network events.
User is shown as me, system, network services, local service or guest most
of the time. Guest appears to be when another computer on my network (2
other family members) accesses my disk. Event numbers are usually 528 or
576 or 850 or 849 or 680 plus a few others.

My concern is that every few hours there is an entry of event 540 with user
Anonymous Logon! Properties says logon type = 3 and Windows help says that
is somebody on the network logging in, but this is happening when only I am
using the computer and nothing else on the network is switched on.

I have not noticed anything going on that is suspicious but this entry in
the event viewer certainly does look suspicious. I have also seen that in
the applications tab WMDM PMSP Service is starting 2 seconds before every
anonymous login. There is an article about a security hole related to Media
Player & this service but I do have all the critical updates installed as
far as I know.

Have I been hacked or is there an innocent explanation?
 
Lorne said:
I just found the event viewer in the program menu under admin tools.
When I click the Security tab it lists what looks like a series of
network events. User is shown as me, system, network services, local
service or guest most of the time. Guest appears to be when another
computer on my network (2 other family members) accesses my disk.
Event numbers are usually 528 or 576 or 850 or 849 or 680 plus a few
others.

My concern is that every few hours there is an entry of event 540 with
user Anonymous Logon! Properties says logon type = 3 and Windows
help says that is somebody on the network logging in, but this is
happening when only I am using the computer and nothing else on the
network is switched on.

I have not noticed anything going on that is suspicious but this entry
in the event viewer certainly does look suspicious. I have also seen
that in the applications tab WMDM PMSP Service is starting 2 seconds
before every anonymous login. There is an article about a security
hole related to Media Player & this service but I do have all the
critical updates installed as far as I know.

Have I been hacked or is there an innocent explanation?

Consensus seems to be that this is "normal" and relates to mapping a
network drive.
http://www.dslreports.com/forum/remark,6550262~root=security,1~mode=flat
http://tinyurl.com/7ylkj

Double-click the event, scroll down to the bottom of the list for the
URL for additional information. Logon type 3 is Network Logon.

Since I am convinced via firewall logging that this event is not
external to my computer and it occurs on all three LAN computers, I'm
going with the pack that this is innocuous. I trust "pack" is not the
same as "sheep"!

Q
 
Many thanks. I was thinking it was innocent since I have a router firewall,
ZoneAlarm, Spy Sweeper & McAfee running but wanted to know for peace of
mind.

I think that it is mapped drives on the other computers that read my shared
documents via a mapping, and as one reply in that newsgroup says the event
is not a user logon code.

Regards, Lorne
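
The check discussed in this thread, as an added example that is not part of any post: it picks out event 540 entries with user Anonymous Logon and logon type 3, marks for review those whose workstation is not a known LAN machine, and notes whether a WMDM PMSP Service start came just before the logon. The CSV column layout, host names and timestamps are constructed assumptions, not an Event Viewer export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample records (not a real export). Assumed column layout:
# time, log, event_id, source, user, logon_type, workstation
SAMPLE = """\
2005-03-01 09:00:02,Application,,WMDM PMSP Service,N/A,,
2005-03-01 09:00:04,Security,540,Security,ANONYMOUS LOGON,3,MYPC
2005-03-01 12:30:00,Security,528,Security,Lorne,2,MYPC
2005-03-01 13:15:10,Security,540,Security,ANONYMOUS LOGON,3,UNKNOWN-HOST
2005-03-01 14:00:00,Security,540,Security,Guest,3,FAMILYPC1
"""

def load(text):
    """Parse the assumed CSV layout into a list of dicts."""
    rows = []
    for t, log, eid, source, user, ltype, host in csv.reader(io.StringIO(text)):
        rows.append({"time": datetime.strptime(t, "%Y-%m-%d %H:%M:%S"),
                     "log": log, "id": eid, "source": source, "user": user,
                     "logon_type": ltype, "host": host.upper()})
    return rows

def triage(rows, known_hosts, window=timedelta(seconds=5)):
    """Return one finding per anonymous network logon (event 540, type 3)."""
    known = {h.upper() for h in known_hosts}
    starts = [r["time"] for r in rows if r["source"] == "WMDM PMSP Service"]
    findings = []
    for r in rows:
        if not (r["id"] == "540" and r["logon_type"] == "3"
                and r["user"].upper() == "ANONYMOUS LOGON"):
            continue
        # Did the service start shortly before this logon, as the poster saw?
        after_service = any(timedelta(0) <= r["time"] - s <= window
                            for s in starts)
        findings.append({"time": r["time"], "host": r["host"],
                         "known_host": r["host"] in known,
                         "after_service_start": after_service,
                         # An unrecognised workstation deserves a closer look.
                         "review": r["host"] not in known})
    return findings

if __name__ == "__main__":
    # Hypothetical names for the local PC and the two family computers.
    for finding in triage(load(SAMPLE), ["MYPC", "FAMILYPC1", "FAMILYPC2"]):
        print(finding)
```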
 
