Jump to content

Recommended Posts

On some Windows 2012 r2 server the process mbaservice.exe generate a flood of thousands and thousands of events that saturate the log file.

All events are equals. Below an event. The ProcessID 608 is lsass.exe.

I'ts a bug ? How prevent to saturate log file with this event ?

Aany suggestion is appreciated .

 

 System
  - Provider
   [ Name]  Microsoft-Windows-Security-Auditing
   [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D}
   EventID 5447
   Version 0
   Level 0
   Task 13573
   Opcode 0
   Keywords 0x8020000000000000
  - TimeCreated
   [ SystemTime]  2019-11-28T08:37:11.563287400Z
   EventRecordID 57999359
   Correlation
  - Execution
   [ ProcessID]  608
   [ ThreadID]  628
   Channel Security
   Computer xxxxxxxx
   Security

- EventData
  ProcessId 1404
  UserSid S-1-5-18
  UserName NT AUTHORITY\SYSTEM
  ProviderKey {00000000-0000-0000-0000-000000000000}
  ProviderName -
  ChangeType %%16384
  FilterKey {41D8AE66-9396-493A-919E-8091EE026882}
  FilterName Malwarebytes Anti-Malware
  FilterType %%16388
  FilterId 100430
  LayerKey {C38D57D1-05A7-4C33-904F-7FBCEEE60E82}
  LayerName Livello v4 connessione ALE
  LayerId 48
  Weight 576460752303423488
  Conditions ID condizione: {b235ae9a-1d64-49b8-a44c-5ff3d9095045} Valore corrispondenza: Nell'intervallo Valore condizione: 0x0116d02f - 0x0116d02f  
  Action %%16389
  CalloutKey {00000000-0000-0000-0000-000000000000}
  CalloutName -

 

Share this post


Link to post
Share on other sites

Greetings,

I don't know if this applies to your situation or not, however I found the following system requirements with a note specifically about Windows Server in the user guide for Malwarebytes Anti-Malware found here and thought it might be relevant:

requirements.png.a253c41697408aefe931e19fad324547.png

If that is not helpful I apologize, but hopefully a member of Malwarebytes Support will be able to assist you shortly.  With that said, it is Thanksgiving in the US so the company is very likely short staffed so you might get a faster response by contacting Malwarebytes Business Support directly by filling out the form on the bottom of this page to get a reply via email.

Share this post


Link to post
Share on other sites

Hello @LicenzeSoftware

I have created a ticket for you in our Business Support Channel and reached out to you via e-mail to get additional information as well as log files.

Please check your e-mail.

Thank you !

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.