Sign in

Microsoft.com

Microsoft

Remove From My Forums

Windows Security Event Log shows 'System' as source name

Question

1

Sign in to vote
Hi,

I was going through the windows security logs with event id 5156 and 5157 to figure out what executable s are getting allowed and blocked. However I am unable to do so, because the source name in security log shows as 'System' instead of showing the executable name. Can anyone help me to figure out what is the actual exe getting allowed and blocked?
- Moved by Just KarlModerator Tuesday, September 08, 2015 2:20 PM Looking for the proper forum.
Saturday, September 05, 2015 5:15 AM

Reply

|

Quote

Answers

0

Sign in to vote
Hello,

What operating system is this?

If it's Windows 7, I'd ask in the Windows 7 IT Pro forums:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro

If it's Windows 8 or 8.1, I'd ask in the Windows 8.1 IT Pro forums.

If it's Windows 10, I'd ask in the Windows 10 IT Pro forums.

If it's a Server, Windows Server forums are over here: Windows Server

Karl

When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})
- Edited by Just KarlModerator Monday, September 14, 2015 2:18 PM
- Proposed as answer by Dave PatrickMVP, Moderator Wednesday, September 16, 2015 9:33 PM
- Marked as answer by Dave PatrickMVP, Moderator Wednesday, September 16, 2015 9:33 PM
Tuesday, September 08, 2015 2:20 PM

Reply

|

Quote

Moderator

All replies

0

Sign in to vote

Hello,

The Windows Desktop Perfmon and Diagnostic tools forum is to discuss performance monitor (perfmon), resource monitor (resmon), and task manager, focusing on HOW-TO, Errors/Problems, and usage scenarios.

As the question is off topic here, I am moving it to the Where is the Forum... forum.

Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Tuesday, September 08, 2015 2:17 PM

Reply

|

Quote

Moderator

0

Sign in to vote
Hello,

What operating system is this?

If it's Windows 7, I'd ask in the Windows 7 IT Pro forums:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro

If it's Windows 8 or 8.1, I'd ask in the Windows 8.1 IT Pro forums.

If it's Windows 10, I'd ask in the Windows 10 IT Pro forums.

If it's a Server, Windows Server forums are over here: Windows Server

Karl

When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})
- Edited by Just KarlModerator Monday, September 14, 2015 2:18 PM
- Proposed as answer by Dave PatrickMVP, Moderator Wednesday, September 16, 2015 9:33 PM
- Marked as answer by Dave PatrickMVP, Moderator Wednesday, September 16, 2015 9:33 PM
Tuesday, September 08, 2015 2:20 PM

Reply

|

Quote

Moderator