
Windows Security Breached?


Bad boy Warrior


I have 2 partitions, one running XP and the other Vista. I have Kaspersky AV (which also includes a firewall). I received the following errors when viewing the security log for XP:

Event Type: Failure Audit

Event Source: Security

Event Category: Object Access

Event ID: 560

Date: 17/08/2007

Time: 21:11:32

User: XP\Administrator

Computer: OPTIPLEX

Description:

Object Open:

Object Server: Security

Object Type: File

Object Name: D:\Windows\winsxs\x86_microsoft-windows-help-deskpr.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d7d11cec3425b9ce\deskpr.h1s

Handle ID: -

Operation ID: {0,7896835}

Process ID: 272

Image File Name: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

Primary User Name: Machine1$

Primary Domain: Domain

Primary Logon ID: (0x0,0x3A7)

Client User Name: Administrator

Client Domain: Machine1

Client Logon ID: (0x0,0x3E75B7)

Accesses: READ_CONTROL

SYNCHRONIZE

ReadData (or ListDirectory)

ReadEA

ReadAttributes

WriteAttributes

Privileges: -

Restricted Sid Count: 0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There's a few hundred logged with similar messages - what's this about? Should I be worried about it?

Cheers



Assuming XP is installed to C:\Windows, it looks like (from the version of the file listed, the 6.0.16386 version of deskpr.h1s) the Kaspersky avp.exe process attempted to read a file from the Vista install, and failed to do so with a security audit warning. I'm not sure how normal it is, but it looks like either you are logged on as administrator when it happens, or the avp.exe binary is running as the administrator account.

Hard to say if it's "bad" or not, but usually a failure audit from an A/V package happens when it's scanning your drives, and if it cannot access a file (or you have auditing enabled to capture failed read access), this can happen. It doesn't look like a problem, honestly.
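
One way to triage a few hundred similar records, as an added example that is not part of the original posts: it parses Security log text in the layout quoted above and counts failed Event ID 560 opens per process and target volume, so anything not coming from the scanner stands out. The sample records are constructed; `example-tool.exe`, the object paths and the `scanner` default are assumptions.

```python
import re
from collections import Counter

FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")  # "Key: value" lines

def parse_events(text):
    """Split exported Security log text into one dict per event record."""
    events, cur, last = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":   # first field of each record
            events.append(cur := {})
        if cur is None or not line:
            continue
        if m:
            last = m.group(1)
            cur[last] = m.group(2)
        elif last == "Accesses":               # rights continue on bare lines
            cur[last] += "," + line
    return events

def triage(events, scanner="avp.exe"):
    """Count failed 560 opens per (process, volume); also return non-scanner ones."""
    counts = Counter()
    for e in events:
        if (e.get("Event ID"), e.get("Event Type")) == ("560", "Failure Audit"):
            image = e.get("Image File Name", "?").rsplit("\\", 1)[-1].lower()
            counts[(image, e.get("Object Name", "?")[:2].upper())] += 1
    return counts, {k: n for k, n in counts.items() if k[0] != scanner}

# Constructed sample; only the avp.exe path is taken from the post.
SAMPLE = r"""
Event Type: Failure Audit
Event ID: 560
Object Name: D:\Windows\winsxs\example\deskpr.h1s
Image File Name: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
Accesses: READ_CONTROL
WriteAttributes
Event Type: Failure Audit
Event ID: 560
Object Name: D:\Windows\System32\example.dll
Image File Name: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
Event Type: Failure Audit
Event ID: 560
Object Name: C:\Documents and Settings\example\ntuser.dat
Image File Name: C:\Temp\example-tool.exe
"""
print(triage(parse_events(SAMPLE)))
```

Matching on the executable's file name is a shortcut; compare the full Image File Name path when the process's location matters.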
