Event ID 4797

[vram]

I checked my logs and see the same error message on both my desktop and notebook. 61 events in the last hour, hundreds in the last week. They're showing up under the "Audit Success" event type. The "Target Account Name" on both machines is "HomeGroupUser$". Both machines are part of my HomeGroup. Both machines show no infections after scanning with both NOD32 & Malwarebytes.

Thats encouraging news. Perhaps this isn't uncommon or suspicious at all. Hopefully Kaspersky will say yay or nay on the issue.

 

[DrHaze]

Yes it is. His avatar says he is running Windows 8 x64 Enterprise not Professional

 

[vram]

Yes it is. His avatar says he is running Windows 8 x64 Enterprise not Professional

Not sure what you mean. Enterprise or Pro shouldn't matter in this case.

 

[DrHaze]

True it shouldn't I can't the view that kapersky forum posting anymore what did the say is your post still active?
Did Kapersky say Yay or Nay we won't look into this?

 

[vram]

True it shouldn't I can't the view that kapersky forum posting anymore what did the say is your post still active?
Did Kapersky say Yay or Nay we won't look into this?

They haven't responded yet:

Event ID 4797 - Think I might be infected but unsure - Kaspersky Lab Forum

 

[shebee]

I have the exact same problem.
Same event, bombing my administrator account multiple times within like 30 seconds.
I also noticed a system hang during that time but I'm not yet sure if it is related to this event in any way.

 

[vram]

I have the exact same problem.
Same event, bombing my administrator account multiple times within like 30 seconds.
I also noticed a system hang during that time but I'm not yet sure if it is related to this event in any way.

I've not experienced any hangs or bahavior issues with my PC other than the suspicious event logs. Can you list what applications you have installed? I did have to uninstall Malwarebytes thought as it causes compatibility problems with Kaspersky. It wasn't detecting malware anyway.



No one has reponded to my post in Kaspesky's forum, so no news on my end. I ran scans using Eset's online scanner and also with SuperAntispyware and they come up clean as well.

Perhaps others here should start topics over at their respective AV vendor? The more eyes we have on this, the quicker we get it resolved.

 

[shebee]

I have the exact same problem.
Same event, bombing my administrator account multiple times within like 30 seconds.
I also noticed a system hang during that time but I'm not yet sure if it is related to this event in any way.

I've not experienced any hangs or bahavior issues with my PC other than the suspicious event logs. Can you list what applications you have installed? I did have to uninstall Malwarebytes thought as it causes compatibility problems with Kaspersky. It wasn't detecting malware anyway.



No one has reponded to my post in Kaspesky's forum, so no news on my end. I ran scans using Eset's online scanner and also with SuperAntispyware and they come up clean as well.

Perhaps others here should start topics over at their respective AV vendor? The more eyes we have on this, the quicker we get it resolved.

I don't believe my system hangs are related to my events to be honest.
My system hangs started after I re formatted my computer installing windows 7, right from the start. I thought it's just some weird software issue but they happen in windows 8 as well.

I'm using windows defender atm.

 

[vram]

I have the exact same problem.
Same event, bombing my administrator account multiple times within like 30 seconds.
I also noticed a system hang during that time but I'm not yet sure if it is related to this event in any way.

I've not experienced any hangs or bahavior issues with my PC other than the suspicious event logs. Can you list what applications you have installed? I did have to uninstall Malwarebytes thought as it causes compatibility problems with Kaspersky. It wasn't detecting malware anyway.



No one has reponded to my post in Kaspesky's forum, so no news on my end. I ran scans using Eset's online scanner and also with SuperAntispyware and they come up clean as well.

Perhaps others here should start topics over at their respective AV vendor? The more eyes we have on this, the quicker we get it resolved.

I don't believe my system hangs are related to my events to be honest.
My system hangs started after I re formatted my computer installing windows 7, right from the start. I thought it's just some weird software issue but they happen in windows 8 as well.

I'm using windows defender atm.

Can you list all programs you have installed?

 

[shebee]

I've not experienced any hangs or bahavior issues with my PC other than the suspicious event logs. Can you list what applications you have installed? I did have to uninstall Malwarebytes thought as it causes compatibility problems with Kaspersky. It wasn't detecting malware anyway.



No one has reponded to my post in Kaspesky's forum, so no news on my end. I ran scans using Eset's online scanner and also with SuperAntispyware and they come up clean as well.

Perhaps others here should start topics over at their respective AV vendor? The more eyes we have on this, the quicker we get it resolved.

I don't believe my system hangs are related to my events to be honest.
My system hangs started after I re formatted my computer installing windows 7, right from the start. I thought it's just some weird software issue but they happen in windows 8 as well.

I'm using windows defender atm.

Can you list all programs you have installed?

Uhh, what for?

 

[Phone Man]

I have those same events but I believe this is normal. It looks to me that windows is doing a security audit to see if any of your accounts have blank passwords which could be a security risk. It checks my Admin and Guest accounts which do have passwords and the event says "Audit success". I would think that if you have a blank password on an account it would raise an event to let you know.

Jim

 

[vram]

I don't believe my system hangs are related to my events to be honest.
My system hangs started after I re formatted my computer installing windows 7, right from the start. I thought it's just some weird software issue but they happen in windows 8 as well.

I'm using windows defender atm.

Can you list all programs you have installed?

Uhh, what for?

Just comparing what programs we might share in common to determine a pattern.

I have those same events but I believe this is normal. It looks to me that windows is doing a security audit to see if any of your accounts have blank passwords which could be a security risk. It checks my Admin and Guest accounts which do have passwords and the event says "Audit success". I would think that if you have a blank password on an account it would raise an event to let you know.

Jim

Unfortunately, that's not the case. I just enabled my guest account w/ no password, rebooted and the same event showed back up, just like always with no failed audits or warnings about vulnerable accounts of any kind.

 

[DrHaze]

It's definitely not normal. Read back a few replies. 61 times in what? Hundreds in weeks?
Windows 8 Event ID 4797 in Security Log
Microsoft people don't reply...

 

[vram]

It's definitely not normal. Read back a few replies. 61 times in what? Hundreds in weeks?
Windows 8 Event ID 4797 in Security Log
Microsoft people don't reply...

Have you by chance started a discussion about this over @ Avast's forum? Kaspersky still hasn't responded too me.

 

[DrHaze]

I will start one in a few minutes..in the avast forum

here is the link

http://forum.avast.com/index.php?topic=114119.0

 

[DrHaze]

Windows 8 Event ID 4797 in Security Log

one guy says it's a root kit

Both Of my PC's with 4797 came back clean with the malwarebytes anti root kit utility

 

[vram]

Windows 8 Event ID 4797 in Security Log

one guy says it's a root kit

Both Of my PC's with 4797 came back clean with the malwarebytes anti root kit utility

MBAR says system is clean. Autoruns also indicates there are no App_init DLLs.

I sent an email directly to Kaspersky Support hoping they will respond. They're about 3 days away from me re-imaging my PC.

 

[WiFi Ed]

MBAR found nothing on my PC's either.

I'm thinking we're going to find out it's just Windows being well, you know, Windows.
:huh:

 

[vram]

MBAR found nothing on my PC's either.

I'm thinking we're going to find out it's just Windows being well, you know, Windows.
:huh:

I remain skeptical as well. I hope you're right.

 

[DrHaze]

Yea is this a new feature that even Microsoft won't comment on in their own forums...
61 times..hundreds in weeks? My moms windows 8 home is even doing it. It's definitely solely related to windows 8 that i can see any Windows 7 users out there with 4797's??????????
I checked Dad's Windows 7 Home Premium. Not a single 4797 in it.