Jump to content

Please Fix This SSL Protocol Scanning Issue


Recommended Posts

I have thousands of the below audit-success event log messages being generated whenever SSL protocol scanning is enabled.

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/2/2015 7:17:41 PM
Event ID:      5058
Task Category: Other System Events
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Don-PC
Description:
Key file operation.

Subject:
 Security ID:  S-1-5-18
 Account Name:  XXX-PC$
 Account Domain:  WORKGROUP
 Logon ID:  0x3e7

Cryptographic Parameters:
 Provider Name: Microsoft Software Key Storage Provider
 Algorithm Name: Not Available.
 Key Name: 7DC-55BEA51545534880-NodSSL
 Key Type: Machine key.

Key File Operation Information:
 File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c6c7213437feb6b8b9338292709a1f_107b96bd-56dd-464d-92cc-0a5dd752abc5
 Operation: Read persisted key from file.
 Return Code: 0x0
Event Xml:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>5058</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12292</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-02T23:17:41.543324200Z" />
    <EventRecordID>348334</EventRecordID>
    <Correlation />
    <Execution ProcessID="696" ThreadID="4120" />
    <Channel>Security</Channel>
    <Computer>Don-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">XXX-PC$</Data>
    <Data Name="SubjectDomainName">WORKGROUP</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
    <Data Name="AlgorithmName">%%2432</Data>
    <Data Name="KeyName">7DC-55BEA51545534880-NodSSL</Data>
    <Data Name="KeyType">%%2499</Data>
    <Data Name="KeyFilePath">C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c6c7213437feb6b8b9338292709a1f_107b96bd-56dd-464d-92cc-0a5dd752abc5</Data>
    <Data Name="Operation">%%2458</Data>
    <Data Name="ReturnCode">0x0</Data>
  </EventData>
</Event>

Link to comment
Share on other sites

  • Administrators

I'm afraid there's nothing that could be done about this on ESET's part. It's Windows that stores private keys there when an https connection is established between ESET and a browser.

Link to comment
Share on other sites

  • 11 months later...

itman

 

Did you ever come up with a solution for this issue?  I'm getting over 10K per week of the 5058/5061 Audit Success.

My solution was to cut the size of the Security Event Log, and let them blow themselves away.

Not a great solution, but I couldn't come up with anything better.

Link to comment
Share on other sites

itman

 

Did you ever come up with a solution for this issue?  I'm getting over 10K per week of the 5058/5061 Audit Success.

My solution was to cut the size of the Security Event Log, and let them blow themselves away.

Not a great solution, but I couldn't come up with anything better.

No.

 

I have since upgraded to Win 10 and the issue is worse.  Now Win is complaining about two Eset encryption keys! 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...