From: Jose on 13 Feb 2010 13:49 On Feb 13, 9:51 am, "William B. Lurie" <billu...(a)nospam.net> wrote: > JD wrote: > > William B. Lurie wrote: > >> William B. Lurie wrote: > >>> William B. Lurie wrote: > >>>> VanguardLH wrote: > >>>>> William B. Lurie wrote: > > >>>>>> Gerry, I found that Norton System Works Premier, which > >>>>>> has a separate menu for such things, has a place where > >>>>>> I can choose "Turn off all automatic updates". I > >>>>>> did that several hours ago, and now the events have > >>>>>> trickled down to a very few. > > >>>>> But doesn't that also mean that you won't get signature and/or program > >>>>> updates for your Norton security program? You would end up with an > >>>>> out-of- > >>>>> date Norton product. > >>>> I turned off all *automatic* updates. I can still do > >>>> Live Update when I choose to do so. > >>> ************************************************* > >>> And now, some evidence and a question. > >>> Overnight it did something every hour that > >>> prevented it from going to hibernate. Or even screen saver! > > >>> Here's the event log: > > >>>http://bellsouthpwp.net/b/i/billurie/events.evt > > >>> Can someone please tell me how to interpret what it shows? > >>> (By the way, I uploaded the file but my notepad can't read > >>> it; I hope somebody can!) > > >> Here is a screen shot of the events log.......maybe more > >> decipherable....... > > >>http://bellsouthpwp.net/b/i/billurie/events.jpg > > > Go back to the events log and double left mouse click on one of the > > errors. That will bring up the Event Properties. On the upper right side > > of that window will be an up and down arrow and two little pages. Left > > mouse click on the two pages. Then open Notepad and either hit Ctrl V or > > click on Edit and select Paste. Now you have a copy of the error > > properties and maybe you or someone here can tell you what is causing > > the error. > > Great instructions, JD, and here's one typical 'event'. > > Event Type: Failure Audit > Event Source: Security > Event Category: Policy Change > Event ID: 615 > Date: 2/13/2010 > Time: 6:38:44 AM > User: NT AUTHORITY\NETWORK SERVICE > Computer: COMPAQ-2006 > Description: > IPSec Services: IPSec Services failed to get the complete > list of network interfaces on the machine. This can be a potential > security hazard to the machine since some of the network interfaces > may not get the protection as desired by the applied IPSec filters. > Please run IPSec monitor snap-in to further diagnose the problem. > > That, of course, leads me to another place I've never been before... > IPSec monitor snap-in. And now.......?? Is there some reason you have your system configured to monitor and audit and log security policy settings and changes? That is what puts things in the Security log. Such settings do not usually apply to "normal" home type users. Normally, this log is empty, or has one entry in it - "The audit log was cleared ". I dare say you are seeing a self inflicted wound. Unless you are in an environment where you need to be extensively auditing your Internet traffic, searching for network connectivity issues, etc. you do not need to be monitoring these events. This 615 probably occurred when you booted your system before the IPSec service started and was then followed by a successful 615. If you don't know what these things mean or how to begin to interpret them you should turn them all off since they slow your system down with all the unnecessary activity logging. More logging is not always good logging unless you are troubleshooting a problem. If you don't know how to use the security auditing and IPSec tools and don't need to know, turn off all that extra stuff you don't need and your system will thank you for it by rewarding you with better performance and fewer mysteries. If you care to delve into all the settings, what they mean, how to interpret them, etc. you should take a class, read a book, do some Internet searching.
From: William B. Lurie on 13 Feb 2010 14:00 Jose wrote: > On Feb 13, 9:51 am, "William B. Lurie" <billu...(a)nospam.net> wrote: >> JD wrote: >>> William B. Lurie wrote: >>>> William B. Lurie wrote: >>>>> William B. Lurie wrote: >>>>>> VanguardLH wrote: >>>>>>> William B. Lurie wrote: >>>>>>>> Gerry, I found that Norton System Works Premier, which >>>>>>>> has a separate menu for such things, has a place where >>>>>>>> I can choose "Turn off all automatic updates". I >>>>>>>> did that several hours ago, and now the events have >>>>>>>> trickled down to a very few. >>>>>>> But doesn't that also mean that you won't get signature and/or program >>>>>>> updates for your Norton security program? You would end up with an >>>>>>> out-of- >>>>>>> date Norton product. >>>>>> I turned off all *automatic* updates. I can still do >>>>>> Live Update when I choose to do so. >>>>> ************************************************* >>>>> And now, some evidence and a question. >>>>> Overnight it did something every hour that >>>>> prevented it from going to hibernate. Or even screen saver! >>>>> Here's the event log: >>>>> http://bellsouthpwp.net/b/i/billurie/events.evt >>>>> Can someone please tell me how to interpret what it shows? >>>>> (By the way, I uploaded the file but my notepad can't read >>>>> it; I hope somebody can!) >>>> Here is a screen shot of the events log.......maybe more >>>> decipherable....... >>>> http://bellsouthpwp.net/b/i/billurie/events.jpg >>> Go back to the events log and double left mouse click on one of the >>> errors. That will bring up the Event Properties. On the upper right side >>> of that window will be an up and down arrow and two little pages. Left >>> mouse click on the two pages. Then open Notepad and either hit Ctrl V or >>> click on Edit and select Paste. Now you have a copy of the error >>> properties and maybe you or someone here can tell you what is causing >>> the error. >> Great instructions, JD, and here's one typical 'event'. >> >> Event Type: Failure Audit >> Event Source: Security >> Event Category: Policy Change >> Event ID: 615 >> Date: 2/13/2010 >> Time: 6:38:44 AM >> User: NT AUTHORITY\NETWORK SERVICE >> Computer: COMPAQ-2006 >> Description: >> IPSec Services: IPSec Services failed to get the complete >> list of network interfaces on the machine. This can be a potential >> security hazard to the machine since some of the network interfaces >> may not get the protection as desired by the applied IPSec filters. >> Please run IPSec monitor snap-in to further diagnose the problem. >> >> That, of course, leads me to another place I've never been before... >> IPSec monitor snap-in. And now.......?? > > Is there some reason you have your system configured to monitor and > audit and log security policy settings and changes? > > That is what puts things in the Security log. Such settings do not > usually apply to "normal" home type users. Normally, this log is > empty, or has one entry in it - "The audit log was cleared ". > > I dare say you are seeing a self inflicted wound. > > Unless you are in an environment where you need to be extensively > auditing your Internet traffic, searching for network connectivity > issues, etc. you do not need to be monitoring these events. This 615 > probably occurred when you booted your system before the IPSec service > started and was then followed by a successful 615. > > If you don't know what these things mean or how to begin to interpret > them you should turn them all off since they slow your system down > with all the unnecessary activity logging. More logging is not always > good logging unless you are troubleshooting a problem. > > If you don't know how to use the security auditing and IPSec tools and > don't need to know, turn off all that extra stuff you don't need and > your system will thank you for it by rewarding you with better > performance and fewer mysteries. > > If you care to delve into all the settings, what they mean, how to > interpret them, etc. you should take a class, read a book, do some > Internet searching. You're right on all counts, Jose. I have not made any changes to my system, it is a garden-variety HP off-the-shelf Home machine 2-odd years old, and I assure you that I have done nothing voluntarily to cause this behavior. With one possible exception, and I can turn that off to try it......I installed Anti-Malware and maybe it has done these wonderful "improvements" for me. I don't know (and don't want to know) all about that IPSec stuff.
From: JD on 13 Feb 2010 14:23 Jose wrote: > On Feb 13, 9:51 am, "William B. Lurie"<billu...(a)nospam.net> wrote: >> JD wrote: >>> William B. Lurie wrote: >>>> William B. Lurie wrote: >>>>> William B. Lurie wrote: >>>>>> VanguardLH wrote: >>>>>>> William B. Lurie wrote: >> >>>>>>>> Gerry, I found that Norton System Works Premier, which >>>>>>>> has a separate menu for such things, has a place where >>>>>>>> I can choose "Turn off all automatic updates". I >>>>>>>> did that several hours ago, and now the events have >>>>>>>> trickled down to a very few. >> >>>>>>> But doesn't that also mean that you won't get signature and/or program >>>>>>> updates for your Norton security program? You would end up with an >>>>>>> out-of- >>>>>>> date Norton product. >>>>>> I turned off all *automatic* updates. I can still do >>>>>> Live Update when I choose to do so. >>>>> ************************************************* >>>>> And now, some evidence and a question. >>>>> Overnight it did something every hour that >>>>> prevented it from going to hibernate. Or even screen saver! >> >>>>> Here's the event log: >> >>>>> http://bellsouthpwp.net/b/i/billurie/events.evt >> >>>>> Can someone please tell me how to interpret what it shows? >>>>> (By the way, I uploaded the file but my notepad can't read >>>>> it; I hope somebody can!) >> >>>> Here is a screen shot of the events log.......maybe more >>>> decipherable....... >> >>>> http://bellsouthpwp.net/b/i/billurie/events.jpg >> >>> Go back to the events log and double left mouse click on one of the >>> errors. That will bring up the Event Properties. On the upper right side >>> of that window will be an up and down arrow and two little pages. Left >>> mouse click on the two pages. Then open Notepad and either hit Ctrl V or >>> click on Edit and select Paste. Now you have a copy of the error >>> properties and maybe you or someone here can tell you what is causing >>> the error. >> >> Great instructions, JD, and here's one typical 'event'. >> >> Event Type: Failure Audit >> Event Source: Security >> Event Category: Policy Change >> Event ID: 615 >> Date: 2/13/2010 >> Time: 6:38:44 AM >> User: NT AUTHORITY\NETWORK SERVICE >> Computer: COMPAQ-2006 >> Description: >> IPSec Services: IPSec Services failed to get the complete >> list of network interfaces on the machine. This can be a potential >> security hazard to the machine since some of the network interfaces >> may not get the protection as desired by the applied IPSec filters. >> Please run IPSec monitor snap-in to further diagnose the problem. >> >> That, of course, leads me to another place I've never been before... >> IPSec monitor snap-in. And now.......?? > > Is there some reason you have your system configured to monitor and > audit and log security policy settings and changes? > > That is what puts things in the Security log. Such settings do not > usually apply to "normal" home type users. Normally, this log is > empty, or has one entry in it - "The audit log was cleared ". > > I dare say you are seeing a self inflicted wound. > > Unless you are in an environment where you need to be extensively > auditing your Internet traffic, searching for network connectivity > issues, etc. you do not need to be monitoring these events. This 615 > probably occurred when you booted your system before the IPSec service > started and was then followed by a successful 615. > > If you don't know what these things mean or how to begin to interpret > them you should turn them all off since they slow your system down > with all the unnecessary activity logging. More logging is not always > good logging unless you are troubleshooting a problem. > > If you don't know how to use the security auditing and IPSec tools and > don't need to know, turn off all that extra stuff you don't need and > your system will thank you for it by rewarding you with better > performance and fewer mysteries. > > If you care to delve into all the settings, what they mean, how to > interpret them, etc. you should take a class, read a book, do some > Internet searching. Thanks for a non-response. Which book would you suggest he read? Or how does he turn off the security log? Oh wait though, I have 2,012 events in my Security log and I've never turned it on. And not one of those says "The audit log was cleared". I'm not being a smarty pants, I'm just curious as to the explanation of your response. -- JD..
From: Gerry on 13 Feb 2010 14:27 William http://www.eventid.net/display.asp?eventid=615&eventno=3595&source=Security&phase=1 -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ William B. Lurie wrote: > Jose wrote: >> On Feb 13, 9:51 am, "William B. Lurie" <billu...(a)nospam.net> wrote: >>> JD wrote: >>>> William B. Lurie wrote: >>>>> William B. Lurie wrote: >>>>>> William B. Lurie wrote: >>>>>>> VanguardLH wrote: >>>>>>>> William B. Lurie wrote: >>>>>>>>> Gerry, I found that Norton System Works Premier, which >>>>>>>>> has a separate menu for such things, has a place where >>>>>>>>> I can choose "Turn off all automatic updates". I >>>>>>>>> did that several hours ago, and now the events have >>>>>>>>> trickled down to a very few. >>>>>>>> But doesn't that also mean that you won't get signature and/or >>>>>>>> program updates for your Norton security program? You would >>>>>>>> end up with an out-of- >>>>>>>> date Norton product. >>>>>>> I turned off all *automatic* updates. I can still do >>>>>>> Live Update when I choose to do so. >>>>>> ************************************************* >>>>>> And now, some evidence and a question. >>>>>> Overnight it did something every hour that >>>>>> prevented it from going to hibernate. Or even screen saver! >>>>>> Here's the event log: >>>>>> http://bellsouthpwp.net/b/i/billurie/events.evt >>>>>> Can someone please tell me how to interpret what it shows? >>>>>> (By the way, I uploaded the file but my notepad can't read >>>>>> it; I hope somebody can!) >>>>> Here is a screen shot of the events log.......maybe more >>>>> decipherable....... >>>>> http://bellsouthpwp.net/b/i/billurie/events.jpg >>>> Go back to the events log and double left mouse click on one of the >>>> errors. That will bring up the Event Properties. On the upper >>>> right side of that window will be an up and down arrow and two >>>> little pages. Left mouse click on the two pages. Then open Notepad >>>> and either hit Ctrl V or click on Edit and select Paste. Now you >>>> have a copy of the error properties and maybe you or someone here >>>> can tell you what is causing the error. >>> Great instructions, JD, and here's one typical 'event'. >>> >>> Event Type: Failure Audit >>> Event Source: Security >>> Event Category: Policy Change >>> Event ID: 615 >>> Date: 2/13/2010 >>> Time: 6:38:44 AM >>> User: NT AUTHORITY\NETWORK SERVICE >>> Computer: COMPAQ-2006 >>> Description: >>> IPSec Services: IPSec Services failed to get the complete >>> list of network interfaces on the machine. This can be a potential >>> security hazard to the machine since some of the network interfaces >>> may not get the protection as desired by the applied IPSec filters. >>> Please run IPSec monitor snap-in to further diagnose the problem. >>> >>> That, of course, leads me to another place I've never been before... >>> IPSec monitor snap-in. And now.......?? >> >> Is there some reason you have your system configured to monitor and >> audit and log security policy settings and changes? >> >> That is what puts things in the Security log. Such settings do not >> usually apply to "normal" home type users. Normally, this log is >> empty, or has one entry in it - "The audit log was cleared ". >> >> I dare say you are seeing a self inflicted wound. >> >> Unless you are in an environment where you need to be extensively >> auditing your Internet traffic, searching for network connectivity >> issues, etc. you do not need to be monitoring these events. This 615 >> probably occurred when you booted your system before the IPSec >> service started and was then followed by a successful 615. >> >> If you don't know what these things mean or how to begin to interpret >> them you should turn them all off since they slow your system down >> with all the unnecessary activity logging. More logging is not >> always good logging unless you are troubleshooting a problem. >> >> If you don't know how to use the security auditing and IPSec tools >> and don't need to know, turn off all that extra stuff you don't need >> and your system will thank you for it by rewarding you with better >> performance and fewer mysteries. >> >> If you care to delve into all the settings, what they mean, how to >> interpret them, etc. you should take a class, read a book, do some >> Internet searching. > You're right on all counts, Jose. I have not made any changes to my > system, it is a garden-variety HP off-the-shelf Home machine 2-odd > years old, and I assure you that I have done nothing voluntarily to > cause this behavior. With one possible exception, and I can turn that > off to try it......I installed Anti-Malware and maybe it has done > these wonderful "improvements" for me. I don't know (and don't want > to know) all about that IPSec stuff.
From: William B. Lurie on 13 Feb 2010 14:45
Gerry wrote: > William > > http://www.eventid.net/display.asp?eventid=615&eventno=3595&source=Security&phase=1 > > > > Thanks for the referral, Gerry. I appreciate your effort to be helpful.....but I found nothing there that would help me understand the source of the message, or lead me to a solution. I surmise that I am just not up to it. |