Windows 10 Security Event Log flooded with 4656 Events

  • Thread starter Thread starter iggygatton
  • Start date Start date
I

iggygatton

We are having issues with our Security event log within Event Viewer. It is my understanding when you perform Object Access auditing and enable it within Group Policy, you still need to enable auditing on the Objects (to be audited) themselves. We just enabled Object Access auditing and are already seeing Handle Manipulation events (i.e. event id 4656) flooding our Security log even though we have not configured auditing at the file level for ANY of the files in question. A lot of forums mention disabling Audit File System and Audit Handle Manipulation events to ensure the 4656 events do not flood the Security log; however, we want to be able to see these events for the files that we configure auditing for (at the file level), but not for any other files which were not configured for auditing at the file level. We do not have Global Object Access Auditing configured.

Continue reading...
 
You must log in or register to reply here.

Similar threads

I
Windows 10 Logon Event (Event ID 4648). Events only log during a successful remote desktop in to the computer.
Replies
0
Views
6
ItsChefMatt
I
J
Windows 11 Windows-Security-LessPrivilegedAppContainer Filling Event Log
Replies
0
Views
6
Jon(S)
J
H
Windows 10 why are there very many rapidly occurring events in event log?
Replies
0
Views
16
hub-bubba
H
J
Windows 11 Event id 5038 and Crowdstrike
Replies
0
Views
8
Jeff102365
J
A
Windows 11 Access denied to event viewer security log - Win11
Replies
0
Views
19
Ashley Beagle
A
Back
Top