Event log partially emptied - attack?

Discussion in 'other security issues & news' started by lunarlander, Jan 13, 2019.

  1. lunarlander (Registered Member; Joined: Apr 30, 2011; Posts: 326)

    Hi,

    I have a Win 10 Pro v1809 and a Win 10 Enterprise trial v1809; both have account logon events ID 4672 emptied. When I sign on, it only shows today's logon entries. This is a definite intrusion, right? Just want to confirm with everybody that this couldn't be a v1809 bug.
     
  2. itman (Registered Member; Joined: Jun 22, 2010; Posts: 8,593; Location: U.S.A.)

    My like event log entries on 1809 (x64) Home go back to 12/31/2018. I upgraded to 1809 on 12/15/2018. This implies the logs have been purged prior to 12/31/2018 by some type of Win 1809 maintenance, I assume.
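
Added example, not part of either post: one way to check whether missing 4672 entries come from ordinary log rollover or from an explicit clear of the Security log. It assumes an elevated PowerShell prompt; Event ID 1102 ("The audit log was cleared") is not mentioned in the thread and is used here as the standard Windows record of a Security log clear.

```powershell
# Added example. Run from an elevated prompt: the Security log is
# readable only by administrators.

# 1. Retention settings and current fill level of the Security log.
#    In Circular mode the oldest events are overwritten once the log
#    reaches MaximumSizeInBytes, so a small, busy log holds little history.
$log = Get-WinEvent -ListLog Security
$log | Select-Object LogName, LogMode, MaximumSizeInBytes, FileSize,
                     RecordCount, OldestRecordNumber, IsLogFull |
    Format-List

# 2. Oldest surviving event of any ID, and oldest surviving 4672.
#    If both dates are close together, the whole log is short, not just 4672.
$oldestAny = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
$oldest4672 = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4672 } `
                           -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue

"Oldest event (any ID): {0}  ID {1}  record {2}" -f `
    $oldestAny.TimeCreated, $oldestAny.Id, $oldestAny.RecordId
if ($oldest4672) {
    "Oldest 4672 event:     {0}  record {1}" -f `
        $oldest4672.TimeCreated, $oldest4672.RecordId
} else {
    "No 4672 events present in the Security log."
}

# 3. Explicit clears of the Security log are recorded as Event ID 1102,
#    including the account that performed the clear.
$clears = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } `
                       -ErrorAction SilentlyContinue
if ($clears) {
    $clears | Select-Object TimeCreated, RecordId, Message | Format-List
} else {
    "No 1102 (audit log cleared) events found in the Security log."
}

# 4. Rough reading of the results (heuristic, not proof either way).
$fillRatio = $log.FileSize / $log.MaximumSizeInBytes
if ($clears) {
    "Security log was explicitly cleared; review the 1102 entries above."
} elseif ($log.LogMode -eq 'Circular' -and $fillRatio -ge 0.9) {
    "Log is near its size limit in Circular mode: old entries were likely overwritten."
} else {
    "No clear event and log is not near its size limit: look at upgrade or maintenance dates."
}
```

The output is a starting point for triage only; a log that has been overwritten or replaced will not contain evidence of what happened before its oldest record.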
     