Answered by:
Windows Security Event Log shows 'System' as source name

Question
-
Hi,
I was going through the windows security logs with event id 5156 and 5157 to figure out what executable s are getting allowed and blocked. However I am unable to do so, because the source name in security log shows as 'System' instead of showing the executable name. Can anyone help me to figure out what is the actual exe getting allowed and blocked?
- Moved by Just Karl Tuesday, September 8, 2015 2:20 PM Looking for the proper forum.
Saturday, September 5, 2015 5:15 AM
Answers
-
Hello,
What operating system is this?
If it's Windows 7, I'd ask in the Windows 7 IT Pro forums:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro
If it's Windows 8 or 8.1, I'd ask in the Windows 8.1 IT Pro forums.
If it's Windows 10, I'd ask in the Windows 10 IT Pro forums.
If it's a Server, Windows Server forums are over here: Windows Server
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})- Edited by Just Karl Monday, September 14, 2015 2:18 PM
- Proposed as answer by Dave PatrickMVP Wednesday, September 16, 2015 9:33 PM
- Marked as answer by Dave PatrickMVP Wednesday, September 16, 2015 9:33 PM
Tuesday, September 8, 2015 2:20 PM
All replies
-
Hello,
The Windows Desktop Perfmon and Diagnostic tools forum is to discuss performance monitor (perfmon), resource monitor (resmon), and task manager, focusing on HOW-TO, Errors/Problems, and usage scenarios.
As the question is off topic here, I am moving it to the Where is the Forum... forum.Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})Tuesday, September 8, 2015 2:17 PM -
Hello,
What operating system is this?
If it's Windows 7, I'd ask in the Windows 7 IT Pro forums:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro
If it's Windows 8 or 8.1, I'd ask in the Windows 8.1 IT Pro forums.
If it's Windows 10, I'd ask in the Windows 10 IT Pro forums.
If it's a Server, Windows Server forums are over here: Windows Server
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})- Edited by Just Karl Monday, September 14, 2015 2:18 PM
- Proposed as answer by Dave PatrickMVP Wednesday, September 16, 2015 9:33 PM
- Marked as answer by Dave PatrickMVP Wednesday, September 16, 2015 9:33 PM
Tuesday, September 8, 2015 2:20 PM