Forum

Ultimate Windows Security Forum » Security Log » 515 - A trusted logon process has registered... » 515 as noise?

515 as noise?

Rate Topic

Display Mode

Topic Options

Author

Message

jwalzer

Posted 7/30/2010 10:28:30 AM

Forum Member

Group: Forum Members
Last Login: 2/24/2012 7:49:27 PM
Posts: 26, Visits: 12

Randy,

Can the 515 event be considered noise and ignored, or can something be had out of collecting and processing these events?

Thx,
Jeff

Post #420

RandyFranklinSmith

Posted 8/28/2010 4:44:21 PM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0

The only way this would be valuable to monitor is if you baselined all of the trusted logon processes reported by this event on a clean computer over a few days time. Then alert when a new logon process shows up. Very unlikely you will get such an alert but would indicate a significant new piece of software had been installed or you were victim of a extremely sophisticated attack

Post #437

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 3:10pm

Upcoming Webinars

Pivoting from Linux to Windows: Using Behavior to Detect Intrusions Involving Edge Devices

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.