Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 6.3.2025 / 08:31
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > cancel or allow - cmd audit success
Show topics
 
Forums
Forums
Cancel Or allow - CMD audit success
  Jump to:
 
Posted Message
0din
Newbie
_ 		16. September 2008 @ 21:48 _ Link to this message    Send private message to this user   
Hello,
I recently bought a new PC with vista home premium

I am a pretty techy guy
I mainly game and (torrent)
I was watching Cowboy Bebop and
the security thing came up asking if CMD.exe could run
I said no for obvious reasons
I was suspicious that something was wrong so I went to the event viewer to check stuff out to see what happened

This is what I got when it happened:
(
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 9/16/2008 6:35:00 PM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: odin-pc
Description:
Special privileges assigned to new logon.

Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2008-09-17T01:35:00.994Z" />
<EventRecordID>2087</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="1408" />
<Channel>Security</Channel>
<Computer>odin-pc</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>
)

It said something about Audit success WTF does that mean?
Is something wrong? Was I successfully exploited from the outside X_x
I'm not a noob I'm just new to Vista any help would be appreciated
[ + quote]
I hate people with blue skin.
____________________________________

n00b: "is that an Ipod?"
0din: "NO ITS A ZUNE YOU FECKING N00b!"
2oldGeek
AfterDawn Addict
_ 		17. September 2008 @ 02:39 _ Link to this message    Send private message to this user   
Windows NT comes with two "command line shells" -- one called CMD.EXE and the other called COMMAND.COM

They are Legitimate System files?.

What you are experiencing is the great Vista security crap! A program wanted to use the cmd.exe command for whatever and Vista felt it necessary to ask your permission.

Get use to it?.. it will be a little while longer before M$ comes out with a new OS that will be better than Vista but I hear it?s in the works.







2OG
[ + quote]


There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > cancel or allow - cmd audit success
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork