Hi,
Am receiving frequent security audit failures under the category 5038& 5061 in my windows 10 PC.The version iam using is 1903.Can anybody tell me the reason behind the failures in the audit as i couldn't find solution through googling.Another important think is that the error doesn't happened in the previous version 1803 and below that.
Thanks in advance
Hi,
Just want to confirm the current situations.
If the event was stopped if you disable the audit policy.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,
Hi,
A failure audit event is triggered when a defined action, such as a user logon, is not completed successfully.
The appearance of failure audit events in the event log does not necessarily mean that something is wrong with your system. For example, if you configure Audit Logon events, a failure event may simply mean that a user mistyped his or her password.
Check the local group policy if any audit policy was configured.
Best Regards,
But actually, 4625 denotes audit failure for user logon error.What about 5061 and 5038 event ids.??
Hi,
5061(S, F): Cryptographic operation.
This event generates when a cryptographic operation (open key, create key, create key, and so on) was performed using a Key Storage Provider (KSP). This event generates only if one of the following KSPs were used:
Microsoft Software Key Storage Provider
Microsoft Smart Card Key Storage Provider
For your reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5061
5038 This event generates by Code Integrity feature, if signature of a file is not valid.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5038
Please check if the Audit System Integrity (determines whether the operating system audits events that violate the integrity of the security subsystem) was configured on the local group policy.
Best Regards,
6 people are following this question.
