Momwe Mungamasulire Windows Security Event ID 4688 pakufufuza

Introduction

Malinga ndi Microsoft, ma ID a chochitika (omwe amatchedwanso zozindikiritsa zochitika) amazindikiritsa chochitika china mwapadera. Ndi chizindikiritso cha manambala chomwe chimalumikizidwa ku chochitika chilichonse chomwe chalowetsedwa ndi makina opangira a Windows. Chizindikiritso chimapereka mudziwe za zomwe zidachitika ndipo zitha kugwiritsidwa ntchito kuzindikira ndi kuthetsa mavuto okhudzana ndi magwiridwe antchito. Chochitika, munkhaniyi, chimatanthawuza chilichonse chochitidwa ndi dongosolo kapena wogwiritsa ntchito padongosolo. Zochitika izi zitha kuwonedwa pa Windows pogwiritsa ntchito Event Viewer

Chochitika cha ID 4688 chimalowetsedwa nthawi iliyonse njira yatsopano ikapangidwa. Imalemba pulogalamu iliyonse yomwe imapangidwa ndi makinawo ndi chidziwitso chake, kuphatikiza wopanga, chandamale, ndi njira yomwe idayambitsa. Zochitika zingapo zalowetsedwa pansi pa ID ya chochitika 4688. Mukalowa, Session Manager Subsystem (SMSS.exe) imayambitsidwa, ndipo chochitika 4688 chalowetsedwa. Ngati pulogalamuyo ili ndi pulogalamu yaumbanda, pulogalamu yaumbanda imatha kupanga njira zatsopano zoyendetsera. Njira zotere zitha kulembedwa pansi pa ID 4688.

Ikani Redmine pa Ubuntu 20.04 pa AWS

Kutanthauzira Kwachidziwitso ID 4688

Kuti mumasulire ID ya chochitika 4688, ndikofunikira kumvetsetsa magawo osiyanasiyana omwe akuphatikizidwa mu chipika cha zochitika. Magawowa atha kugwiritsidwa ntchito kuti azindikire zolakwika zilizonse ndikutsata komwe kumachokera.

Nkhani Yopanga: gawoli limapereka zambiri za akaunti ya ogwiritsa ntchito yomwe idapempha kuti apangidwe njira yatsopano. Gawo ili limapereka nkhani ndipo lingathandize ofufuza azamalamulo kuzindikira zolakwika. Zimaphatikizapo magawo angapo, kuphatikiza:

- Security Identifier (SID) ”Malinga ndi Microsoft, SID ndi mtengo wapadera womwe umagwiritsidwa ntchito kuzindikiritsa trustee. Amagwiritsidwa ntchito kuzindikira ogwiritsa ntchito pa makina a Windows.
- Dzina la Akaunti: SID yatsimikiza kuwonetsa dzina la akaunti yomwe idayambitsa njira yatsopanoyi.
- Chigawo cha Akaunti: dera lomwe kompyuta ndi yake.
- Logon ID: mtengo wapadera wa hexadecimal womwe umagwiritsidwa ntchito kuzindikira gawo la logon la wogwiritsa ntchito. Itha kugwiritsidwa ntchito kugwirizanitsa zochitika zomwe zili ndi ID ya chochitika chomwecho.

Mutu Wolinga: Gawoli limapereka chidziwitso cha akaunti ya ogwiritsa ntchito yomwe ikugwira ntchito. Mutu womwe watchulidwa muzochitika zopanga njira ukhoza, nthawi zina, kukhala wosiyana ndi mutu womwe watchulidwa pakuyimitsa njira. Choncho, pamene mlengi ndi chandamale alibe chizindikiro chofanana, ndikofunika kuti muphatikizepo mutu womwe mukufuna ngakhale kuti onse amatchula ID ya ndondomeko yomweyo. Magawo ang'onoang'ono ndi ofanana ndi omwe adalemba pamwambapa.
Chidziwitso cha Ndondomeko: Gawoli limapereka chidziwitso chatsatanetsatane chazomwe zidapangidwa. Zimaphatikizapo magawo angapo, kuphatikiza:

- New Process ID (PID): mtengo wapadera wa hexadecimal woperekedwa kunjira yatsopanoyi. Makina ogwiritsira ntchito a Windows amawagwiritsa ntchito kuti azitsatira zomwe zikuchitika.
- Dzina Latsopano Latsopano: njira yonse ndi dzina la fayilo yomwe ingagwiritsidwe ntchito yomwe idakhazikitsidwa kuti ipange njira yatsopano.
- Mtundu Wowunika Zizindikiro: kuwunika kwa ma token ndi njira yachitetezo yogwiritsidwa ntchito ndi Windows kuti adziwe ngati akaunti ya ogwiritsa ntchito ndiyololedwa kuchitapo kanthu. Mtundu wa chizindikiro chomwe ndondomeko idzagwiritse ntchito popempha mwayi wapamwamba umatchedwa "mtundu woyesa chizindikiro." Pali zinthu zitatu zomwe zingatheke pagawoli. Type 1 (%%1936) ikuwonetsa kuti ndondomekoyi ikugwiritsa ntchito chizindikiro cha ogwiritsa ntchito ndipo sanapemphe chilolezo chapadera. Kwa gawo ili, ndilo mtengo wofala kwambiri. Type 2 (%% 1937) ikuwonetsa kuti ndondomekoyi idapempha mwayi wokwanira wa oyang'anira kuti ayendetse ndipo adachita bwino kuwapeza. Wogwiritsa ntchito akamayendetsa pulogalamu kapena njira ngati woyang'anira, imayatsidwa. Type 3 (%% 1938) ikuwonetsa kuti njirayo idangolandira ufulu wofunikira kuti achite zomwe adafunsidwa, ngakhale idapempha mwayi wapamwamba.

- Label Yovomerezeka: chizindikiro cha kukhulupirika chomwe chaperekedwa ku ndondomekoyi.
- ID ya Njira Yopanga: mtengo wapadera wa hexadecimal woperekedwa kunjira yomwe idayambitsa njira yatsopanoyi.
- Dzina la Ntchito Yopanga: njira yonse ndi dzina la njira yomwe idapanga njira yatsopanoyi.
- Process Command Line: imapereka tsatanetsatane wa zotsutsana zomwe zaperekedwa mu lamulo kuti ayambitse njira yatsopanoyi. Zimaphatikizapo magawo angapo ang'onoang'ono kuphatikiza chikwatu chapano ndi ma hashes.

Ikani GoPhish Phishing Platform pa Ubuntu 18.04 mu AWS

Kutsiliza

Popenda ndondomeko, m'pofunika kudziwa ngati ili yovomerezeka kapena yoipa. Njira yovomerezeka imatha kudziwika mosavuta poyang'ana mutu wa mlengi ndikusintha magawo a chidziwitso. ID ya ndondomeko ingagwiritsidwe ntchito kuzindikira zolakwika, monga njira yatsopano yochokera kumayendedwe achilendo a makolo. Mzere wolamula ungagwiritsidwenso ntchito kutsimikizira kuvomerezeka kwa njira. Mwachitsanzo, njira yokhala ndi mikangano yomwe ili ndi njira yamafayilo yopita ku data yovuta ikhoza kuwonetsa zolinga zoyipa. Nkhani ya Mlengi ingagwiritsidwe ntchito kudziwa ngati akauntiyo ikugwirizana ndi zochitika zokayikitsa kapena ngati ili ndi mwayi wapamwamba.

Kuphatikiza apo, ndikofunikira kugwirizanitsa chidziwitso cha ID 4688 ndi zochitika zina zofunikira mudongosololi kuti mudziwe zomwe zachitika kumene. Chochitika cha ID 4688 chitha kulumikizidwa ndi 5156 kuti muwone ngati njira yatsopanoyi ikugwirizana ndi kulumikizana kulikonse. Ngati ndondomeko yatsopanoyi ikugwirizana ndi ntchito yatsopano yomwe yakhazikitsidwa, chochitika 4697 (kukhazikitsa ntchito) chikhoza kugwirizanitsidwa ndi 4688 kuti apereke zambiri. Event ID 5140 (kupanga mafayilo) itha kugwiritsidwanso ntchito kuzindikira mafayilo atsopano opangidwa ndi njira yatsopanoyi.

Pomaliza, kumvetsetsa zochitika za dongosololi ndikuzindikira zomwe zingatheke zotsatira za ndondomekoyi. Njira yomwe idakhazikitsidwa pa seva yovuta ikhoza kukhala ndi chikoka chachikulu kuposa yomwe idakhazikitsidwa pamakina oyimira. Nkhani imathandiza kutsogolera kafukufuku, kuika patsogolo mayankho ndi kuyang'anira zofunikira. Mwa kusanthula magawo osiyanasiyana mu chipika cha zochitika ndikuchita zogwirizana ndi zochitika zina, njira zosasangalatsa zimatha kutsatiridwa ndi komwe zidachokera komanso chifukwa chake.

Zilembo za Kobold: Ziwopsezo za HTML zochokera ku Email Phishing

April 18, 2024 No Comments

Makalata a Kobold: HTML-based Email Phishing Attacks Pa Marichi 31st 2024, a Luta Security adatulutsa nkhani yowunikira pa vector yatsopano yaukadaulo, Kobold Letters.

Werengani zambiri "

Google ndi The Incognito Myth

April 10, 2024 No Comments

Google ndi The Incognito Myth Pa Epulo 1 2024, Google idavomera kuthetsa mlandu powononga mabiliyoni a mbiri yakale yomwe yasonkhanitsidwa kuchokera ku Incognito mode.

Werengani zambiri "

Maadiresi a MAC ndi MAC Spoofing: Buku Lokwanira

April 6, 2024 No Comments

Ma adilesi a MAC ndi MAC Spoofing: Maupangiri Athunthu Kuchokera pakuthandizira kulumikizana mpaka kulumikizana kotetezeka, ma adilesi a MAC amagwira ntchito yofunika kwambiri pakuzindikiritsa zida.

Werengani zambiri "

Momwe Mungamasulire Windows Security Event ID 4688 pakufufuza

Introduction

Kutanthauzira Kwachidziwitso ID 4688

Kutsiliza

Zilembo za Kobold: Ziwopsezo za HTML zochokera ku Email Phishing

Google ndi The Incognito Myth

Maadiresi a MAC ndi MAC Spoofing: Buku Lokwanira

Services

Kampani Yathu

Adilesi Yathu

Solutions

Security FAQ

Media Social