Check every Windows 8 PC you have. go to Control panel, administrative options, then event viewer. Look under the security log. see how many event id 4797’s you see then look at the details.
“An attempt was made to query the existence of a blank password for an account”
Microsoft Will not comment on this in their own forums. who is going to tells us or what security company is going to find out the truth behind this. Look at this screenshot. how many times?? All Day Long?For Weeks?
I sent an email to PC magazine asking them to check their windows 8 PC’s. This is strictly Windows 8. Windows 7 pc’s do not do this after a fresh install or with the Ethernet disconnected.
It doesn’t look like much of a mystery, just a bug with the number of times the event occurs. If you take a look at the SID and the group to which the event is applied, it’s pretty obvious what it’s doing.
I’m seeing this but it appears to have stopped ?
It was almost the only entry in the log, multiple times a second
last 2/3 days nothing, I will keep an eye on log now
The only big change to my system in this time frame is installing CIS 6xxx2708 :o
I am running the FW custom with high alerts and attempting to block all non vital Windows comms
1)why does it start
2)how do i turn this feature off?
3)it’s obviously out of control and micro$oft needs to address it
4)or a security company needs to figure it out since Microsoft remains silent
When I clear the logs and reboot I get exactly the same 21 4797 events every time. They also change if I make change to the network type or homegroup settings. This I’d expect as various credentials also change with these settings. I see nothing malicious here. Perhaps there’s a bug, in that some of the events appear to be duplicated, but then again, maybe it’s supposed to work like this.
An attempt was made to query the existence of a blank password for an account
basically it saying that something tried to see if your password is blank on an account.
but it does it to all accounts as well. People that are buying new laptops that aren’t even connected yet have this problem.
I’ve had these log messages from the instant that I installed Windows 8 Enterprise. It was the upgrade, but I installed it into a new partition and did not keep anything from my prior Windows 7.
SystemInfo tells me my Windows 8 installtion was at 7:11:55 PM. At 7:13:11 PM, the log started filling up with #4797 event IDs. I got 625 of them before midnight. I still get them irregardless of what the computer is connected to or even if it is totally disconnected from the network.
Yep. That’s supposedly normal. I guess. Microsoft won’t respond in their own forums.
if you read the thread there a postings of this going on id several different forums. Micro$soft won’t come clean so far.I haven’t seen a windows 8 that doesn’t do it.