Please Fix This SSL Protocol Scanning Issue

[itman 1,659]

I have thousands of the below audit-success event log messages being generated whenever SSL protocol scanning is enabled.

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/2/2015 7:17:41 PM
Event ID:      5058
Task Category: Other System Events
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Don-PC
Description:
Key file operation.

Subject:
 Security ID:  S-1-5-18
 Account Name:  XXX-PC$
 Account Domain:  WORKGROUP
 Logon ID:  0x3e7

Cryptographic Parameters:
 Provider Name: Microsoft Software Key Storage Provider
 Algorithm Name: Not Available.
 Key Name: 7DC-55BEA51545534880-NodSSL
 Key Type: Machine key.

Key File Operation Information:
 File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c6c7213437feb6b8b9338292709a1f_107b96bd-56dd-464d-92cc-0a5dd752abc5
 Operation: Read persisted key from file.
 Return Code: 0x0
Event Xml:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>5058</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12292</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-02T23:17:41.543324200Z" />
    <EventRecordID>348334</EventRecordID>
    <Correlation />
    <Execution ProcessID="696" ThreadID="4120" />
    <Channel>Security</Channel>
    <Computer>Don-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">XXX-PC$</Data>
    <Data Name="SubjectDomainName">WORKGROUP</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
    <Data Name="AlgorithmName">%%2432</Data>
    <Data Name="KeyName">7DC-55BEA51545534880-NodSSL</Data>
    <Data Name="KeyType">%%2499</Data>
    <Data Name="KeyFilePath">C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c6c7213437feb6b8b9338292709a1f_107b96bd-56dd-464d-92cc-0a5dd752abc5</Data>
    <Data Name="Operation">%%2458</Data>
    <Data Name="ReturnCode">0x0</Data>
  </EventData>
</Event>

[Marcos 5,074]

I'm afraid there's nothing that could be done about this on ESET's part. It's Windows that stores private keys there when an https connection is established between ESET and a browser.

[gflemming 0]

itman

 

Did you ever come up with a solution for this issue?  I'm getting over 10K per week of the 5058/5061 Audit Success.

My solution was to cut the size of the Security Event Log, and let them blow themselves away.

Not a great solution, but I couldn't come up with anything better.

[itman 1,659]

itman

 

Did you ever come up with a solution for this issue?  I'm getting over 10K per week of the 5058/5061 Audit Success.

My solution was to cut the size of the Security Event Log, and let them blow themselves away.

Not a great solution, but I couldn't come up with anything better.

No.

 

I have since upgraded to Win 10 and the issue is worse.  Now Win is complaining about two Eset encryption keys!