Windows 8 and 8.1 Forums


Event ID 4797

Page 1 of 6 123 ... LastLast
  1. #1



    Member

    Join Date : Jan 2013
    Posts : 66
    Windows 8.1 Pro 64-bit

    Event ID 4797


    I get these from time to time:

    Event ID 4797

    An attempt was made to query the existence of a blank password for an account.

    Subject:
    Security ID: XXXXXXX\XX
    Account Name: XX
    Account Domain: XXXXXXX
    Logon ID: 0x53656

    Additional Information:
    Caller Workstation: XXXXXXX
    Target Account Name: Guest
    I run Kaspersky AV 2013, UAC set to always alert, user account is password protected, and built-in Admin/Guest accounts are disabled by default. Does anyone else get these? The description makes me a tad uneasy. Both KAV and MBAM say my system is clean. No odd behavior witnessed from the machine. I have the following programs installed:

    Adobe Flash 11
    Adobe Reader XI
    Firefox 18.01
    VMWARE Player
    Paint.NET 3.5.10
    Office 2007
    Power Archiver 2012
    Malwarebytes
    KAV 2013
    Microsoft Visual C++ 2008 x86/x64
    Imgburn
    Syncback SE
    Last edited by vram; 29 Jan 2013 at 09:03 PM.
      My System SpecsSystem Spec

  2. #2
    DrHaze's Avatar

    Member

    Join Date : Jan 2013
    Posts : 26
    Windows 8 X64 Pro

    I get them on two Windows 8 Pro x64 Machines As well...


    sometimes after i reboot.
    But other times a day may go by then suddenly it questions the administrator, guest and the two other accounts on the pc with the message in the security event viewer log.
    An attempt was made to query the existence of a blank password for an account.
    You are the first person I have found so far that has the identical problem.
    I have Avast Antivirus and Comodo Firewall 6.0 build 2674 on both PC's.
    I Do Not have any VMPLAYER OR WMWARE anything installed.
    I am uneasy as well. I want an Answer to this. But no one seems to have the Answer.

    i get Logon ID: 0x481F8E

    I do not have VMPLAYER installed, I have zero VM software installed.. But Comodo has their new Virtual Kiosk Virtual Environment Maybe their is a link to a component they are using but i don't Know. No one in the Comodo forums has this problem so i Don't think it's their Virtual Kiosk.
    Last edited by DrHaze; 03 Feb 2013 at 11:02 PM.
      My System SpecsSystem Spec

  3. #3



    Member

    Join Date : Jan 2013
    Posts : 66
    Windows 8.1 Pro 64-bit


    Quote Originally Posted by DrHaze View Post
    sometimes after i reboot.
    But other times a day may go by then suddenly it questions the administrator, guest and the two other accounts on the pc with the message in the security event viewer log.
    An attempt was made to query the existence of a blank password for an account.
    You are the first person I have found so far that has the identical problem.
    I have Avast Antivirus and Comodo Firewall 6.0 build 2674 on both PC's

    I'm going to uninstall VMWARE and see if they disappear. Do you have Visual C++ 2008 Redist installed? I ask because VMWARE installs that as well.
    Last edited by vram; 29 Jan 2013 at 09:05 PM.
      My System SpecsSystem Spec

  4. #4
    DrHaze's Avatar

    Member

    Join Date : Jan 2013
    Posts : 26
    Windows 8 X64 Pro

    Yes C++ 2008 Look at attached Screenshot


    Yes I have a variety of Visual C++ installed see attached screenshot. It doesn't sound like Vmware. This problem must just be starting to happen and we are the first. Or maybe one of the c++? i can't see how that would do it. It's been going on for a week if i were to guess maybe a little longer..
    Attached Thumbnails Attached Thumbnails Click image for larger version  
      My System SpecsSystem Spec

  5.   

  6. #5



    Member

    Join Date : Jan 2013
    Posts : 66
    Windows 8.1 Pro 64-bit


    Hmmm.....I'm wondering if thats what it actually is seeing as that is the only commonality we both share other than the OS.
      My System SpecsSystem Spec

  7. #6
    DrHaze's Avatar

    Member

    Join Date : Jan 2013
    Posts : 26
    Windows 8 X64 Pro


    Did you mark this thread as solved?I don't think it solved by a long shot. I am Windows 8 Pro x64 are you Pro x64 too?
      My System SpecsSystem Spec

  8. #7



    Member

    Join Date : Jan 2013
    Posts : 66
    Windows 8.1 Pro 64-bit


    Quote Originally Posted by DrHaze View Post
    Did you mark this thread as solved?I don't think it solved by a long shot. I am Windows 8 Pro x64 are you Pro x64 too?
    After your post, I changed it back to unsolved pending further investigation.

    Yes, I'm also running 64-bit Windows 8 Pro. I've uninstalled VMWARE, keeping the Visual C++ 2008 Redist. Going to monitor for a bit and see if the Event pops back up.
      My System SpecsSystem Spec

  9. #8
    DrHaze's Avatar

    Member

    Join Date : Jan 2013
    Posts : 26
    Windows 8 X64 Pro


    Great. Maybe some one will reply to us in these forums. There no real hits in Google on this. You would figure a Microsoft knowledge base atricle would popup but not a one yet. That's three PC's One Intel core 2 Quad, One AMD Phenom x4, and your PC.
    so monitor your system after vmware is removed. and let me know what happens. I believe something new is happening. I sure hope not.All 3 are running Windows 8 x64 Pro. Both of mine are upgrades from Windows 7 x64. I am assuming you are a clean install or is yours a Win 8 Pro x64 Upgrade as well?Yeah I have a Avast Antivirus, Comodo 6 Firewall, and a hardware Firewall as well. I too periodically image my system to another hard drive with Acronis True Image Home.My windows firewall service is disabled and my windows defender service is disabled.After I started seeing this in the event viewer i enabled group policy to audit logins. check this link out. How To See Who Logged Into a Computer and When - How-To Geek
      My System SpecsSystem Spec

  10. #9



    Member

    Join Date : Jan 2013
    Posts : 66
    Windows 8.1 Pro 64-bit


    Quote Originally Posted by DrHaze View Post
    Great. Maybe some one will reply to us in these forums. There no real hits in Google on this. You would figure a Microsoft knowledge base atricle would popup but not a one yet. That's three PC's One Intel core 2 Quad, One AMD Phenom x4, and your PC.
    so monitor your system after vmware is removed. and let me know what happens. I believe something new is happening. I sure hope not.All 3 are running Windows 8 x64 Pro. Both of mine are upgrades from Windows 7 x64. I am assuming you are a clean install or is yours a Win 8 Pro x64 Upgrade as well?
    Mine was an upgrade, but I didn't keep anything other than my files, so its essentially a clean install. This system was also re-imaged the other day and I didn't start browsing the net till all updates were applied and KAV 2013 was installed. My system is also behind a hardware firewall in addition to the built-in Windows firewall.


    No more 4797 IDs as of yet...


    Thanks for the link. I enabled logging as well
    Last edited by vram; 28 Jan 2013 at 08:40 PM.
      My System SpecsSystem Spec

  11. #10
    DrHaze's Avatar

    Member

    Join Date : Jan 2013
    Posts : 26
    Windows 8 X64 Pro


    I just saw all of my accounts get questioned again with the 4797 ID. I have not rebooted. Maybe you will get lucky. i will not.

    I looked on my AMD PC and it has not happened in a few days. I thoroughly went through the startup process and apparently i unchecked something the other day. I was using comodo autorun analyzer. I did however see that this started on 11/20/2012 in the event viewer on the amd which is the day i upgraded the amd from windows 7 to windows 8. So far I am only seeing it on the intel core 2 quad happening now.
      My System SpecsSystem Spec

Page 1 of 6 123 ... LastLast
Event ID 4797
Similar Threads
Thread Forum
Event viewer id help please Performance & Maintenance
Event 98 Drivers & Hardware
Event Viewer - Event Log Online Help Performance & Maintenance
Solved Event logs Performance & Maintenance
Event Error BSOD Crashes and Debugging

Eight Forums Android App Eight Forums IOS App Follow us on Facebook