itman 1,743 Posted August 3, 2015 Share Posted August 3, 2015 I have thousands of the below audit-success event log messages being generated whenever SSL protocol scanning is enabled. Log Name: SecuritySource: Microsoft-Windows-Security-AuditingDate: 8/2/2015 7:17:41 PMEvent ID: 5058Task Category: Other System EventsLevel: InformationKeywords: Audit SuccessUser: N/AComputer: Don-PCDescription:Key file operation. Subject: Security ID: S-1-5-18 Account Name: XXX-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: 7DC-55BEA51545534880-NodSSL Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c6c7213437feb6b8b9338292709a1f_107b96bd-56dd-464d-92cc-0a5dd752abc5 Operation: Read persisted key from file. Return Code: 0x0Event Xml:<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> <EventID>5058</EventID> <Version>0</Version> <Level>0</Level> <Task>12292</Task> <Opcode>0</Opcode> <Keywords>0x8020000000000000</Keywords> <TimeCreated SystemTime="2015-08-02T23:17:41.543324200Z" /> <EventRecordID>348334</EventRecordID> <Correlation /> <Execution ProcessID="696" ThreadID="4120" /> <Channel>Security</Channel> <Computer>Don-PC</Computer> <Security /> </System> <EventData> <Data Name="SubjectUserSid">S-1-5-18</Data> <Data Name="SubjectUserName">XXX-PC$</Data> <Data Name="SubjectDomainName">WORKGROUP</Data> <Data Name="SubjectLogonId">0x3e7</Data> <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data> <Data Name="AlgorithmName">%%2432</Data> <Data Name="KeyName">7DC-55BEA51545534880-NodSSL</Data> <Data Name="KeyType">%%2499</Data> <Data Name="KeyFilePath">C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c6c7213437feb6b8b9338292709a1f_107b96bd-56dd-464d-92cc-0a5dd752abc5</Data> <Data Name="Operation">%%2458</Data> <Data Name="ReturnCode">0x0</Data> </EventData></Event> Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted August 3, 2015 Administrators Share Posted August 3, 2015 I'm afraid there's nothing that could be done about this on ESET's part. It's Windows that stores private keys there when an https connection is established between ESET and a browser. Link to comment Share on other sites More sharing options...
gflemming 0 Posted July 31, 2016 Share Posted July 31, 2016 itman Did you ever come up with a solution for this issue? I'm getting over 10K per week of the 5058/5061 Audit Success. My solution was to cut the size of the Security Event Log, and let them blow themselves away. Not a great solution, but I couldn't come up with anything better. Link to comment Share on other sites More sharing options...
itman 1,743 Posted July 31, 2016 Author Share Posted July 31, 2016 itman Did you ever come up with a solution for this issue? I'm getting over 10K per week of the 5058/5061 Audit Success. My solution was to cut the size of the Security Event Log, and let them blow themselves away. Not a great solution, but I couldn't come up with anything better. No. I have since upgraded to Win 10 and the issue is worse. Now Win is complaining about two Eset encryption keys! Link to comment Share on other sites More sharing options...
Recommended Posts