Tweet
I noticed that there are 50+ security events (ID 5379) each minute in the Event Viewer under Windows Logs > Security.
This event type is about reading credentials from Credential Manager (Audit Success Messages - Credential Manager credentials were read).
I think this is related to Chaos licensing system because of TargetName in Event Data: ChaosULA
Data for typical message:
Subject:
Security ID: *****
Account Name: *****
Account Domain: *****
Logon ID: *****
Read Operation: Enumerate Credentials
EventData
SubjectUserSid *****
SubjectUserName *****
SubjectDomainName *****
SubjectLogonId 0x1432f5b62
TargetName ChaosULA:ula
Type 1
CountOfCredentialsReturned 1
ReadOperation %%8099
ReturnCode 0
ProcessCreationTime 2023-03-31T08:44:59.5961121Z
ClientProcessId 30268
Why is that? Is this something wrong with my computer?
I don't think such flooding of security events is normal...
This event type is about reading credentials from Credential Manager (Audit Success Messages - Credential Manager credentials were read).
I think this is related to Chaos licensing system because of TargetName in Event Data: ChaosULA
Data for typical message:
Subject:
Security ID: *****
Account Name: *****
Account Domain: *****
Logon ID: *****
Read Operation: Enumerate Credentials
EventData
SubjectUserSid *****
SubjectUserName *****
SubjectDomainName *****
SubjectLogonId 0x1432f5b62
TargetName ChaosULA:ula
Type 1
CountOfCredentialsReturned 1
ReadOperation %%8099
ReturnCode 0
ProcessCreationTime 2023-03-31T08:44:59.5961121Z
ClientProcessId 30268
Why is that? Is this something wrong with my computer?
I don't think such flooding of security events is normal...
Comment