Announcement

Collapse
No announcement yet.

Events 515 - KsecDD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Events 515 - KsecDD

    Hi,

    On one of my domain controller I have a 515 security eventID from User: NT AUTHORITY\SYSTEM:

    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: KSecDD


    This is happening every minute. It really looks like a hack to me. My antivirus is up to date but doesn't detect anything. I'm quite concerned.

    Any clue/suggestion?

    Thanks

  • #2
    Re: Events 515 - KsecDD

    I think this is nothing to worry about. 515 events are logged at the start of a logon process and randomly afterwards.
    And since Ksecdd provides the kernel security device driver, I would have thought It would be highly Improbable to be a security breach.

    Make sure you keep up with good security practices though (AV in place and up-to date, OS fully patched etc) and check the other events carefully.

    Cheers
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Events 515 - KsecDD

      Sounds good.

      Thanks

      Comment

      Working...
      X