Bad boy Warrior Posted August 18, 2007 Share Posted August 18, 2007 I have 2 partitions one running XP and other Vista. I have Kaspersky AV (which also includes a firewall) I received the following errors when viewing the security log for XPEvent Type: Failure AuditEvent Source: SecurityEvent Category: Object Access Event ID: 560Date: 17/08/2007Time: 21:11:32User: XP\AdministratorComputer: OPTIPLEXDescription:Object Open: Object Server: Security Object Type: File Object Name: D:\Windows\winsxs\x86_microsoft-windows-help-deskpr.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d7d11cec3425b9ce\deskpr.h1s Handle ID: - Operation ID: {0,7896835} Process ID: 272 Image File Name: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe Primary User Name: Machine1$ Primary Domain: Domain Primary Logon ID: (0x0,0x3A7) Client User Name: Administrator Client Domain: Machine1 Client Logon ID: (0x0,0x3E75B7) Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Theres a few hundred logged with similar messages - whats this about? Should i be worried about it?Cheers Link to comment Share on other sites More sharing options...
cluberti Posted August 18, 2007 Share Posted August 18, 2007 Assuming XP is installed to C:\Windows, it looks like (from the version of the file listed, the 6.0.16386 version of deskpr.h1s) the Kapersky avp.exe process attempted to read a file from the Vista install, and failed to do so with a security audit warning. I'm not sure how normal it is, but it looks like either you are logged on as administrator when it happens, or the avp.exe binary is running as the administrator account.Hard to say if it's "bad" or not, but usually a failure audit from an A/V package happens when it's scanning your drives, and if it cannot access a file (or you have auditing enabled to capture failed read access), this can happen. It doesn't look like a problem, honestly. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now