Who Will Be the Security Company to Figure Out the Windows 8/4797 Event ID?


Check every Windows 8 PC you have. Go to Control Panel, administrative options, then Event Viewer. Look under the Security log. See how many event ID 4797s you see, then look at the details.

“An attempt was made to query the existence of a blank password for an account”

Microsoft will not comment on this in their own forums. Who is going to tell us, or what security company is going to find out the truth behind this? Look at this screenshot. How many times? All day long? For weeks?
I sent an email to PC Magazine asking them to check their Windows 8 PCs. This is strictly Windows 8. Windows 7 PCs do not do this after a fresh install or with the Ethernet disconnected.




It’s spreading and people are starting to discover it all over the place.
There’s talk of a root kit…but no one knows…


It doesn’t look like much of a mystery, just a bug with the number of times the event occurs. If you take a look at the SID and the group to which the event is applied, it’s pretty obvious what it’s doing.

I’m seeing this, but it appears to have stopped?
It was almost the only entry in the log, multiple times a second.
For the last 2/3 days, nothing. I will keep an eye on the log now.
The only big change to my system in this time frame is installing CIS 6xxx2708 :o
I am running the FW on custom with high alerts and attempting to block all non-vital Windows comms.

sure hope it transpires to be just a bug

1) Why does it start?
2) How do I turn this feature off?
3) It’s obviously out of control and micro$oft needs to address it.
4) Or a security company needs to figure it out, since Microsoft remains silent.

When I clear the logs and reboot I get exactly the same 21 4797 events every time. They also change if I make a change to the network type or homegroup settings. This I’d expect, as various credentials also change with these settings. I see nothing malicious here. Perhaps there’s a bug, in that some of the events appear to be duplicated, but then again, maybe it’s supposed to work like this.
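An added example, not part of any post in this thread: one way to do the comparison described above, counting 4797 events by caller SID and target account so repeated queries and non-system callers stand out. It assumes the events were exported as XML `<Event>` elements and that the EventData fields are named `SubjectUserSid`, `SubjectUserName` and `TargetUserName`; the sample records and the host and account names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Built-in service identities: Local System, Local Service, Network Service.
BUILTIN_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}


def make_event(event_id, sid, caller, target):
    """Build one constructed <Event> record (sample data, not a real log)."""
    fields = {"SubjectUserSid": sid, "SubjectUserName": caller,
              "TargetUserName": target}  # assumed Data names
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"</System><EventData>{data}</EventData></Event>")


SAMPLE = "".join([
    make_event(4797, "S-1-5-18", "DESKTOP-TEST$", "Administrator"),
    make_event(4797, "S-1-5-18", "DESKTOP-TEST$", "Guest"),
    make_event(4797, "S-1-5-18", "DESKTOP-TEST$", "Guest"),
    make_event(4797, "S-1-5-21-1111-2222-3333-1001", "alice", "alice"),
    make_event(4624, "S-1-5-18", "DESKTOP-TEST$", "alice"),  # not a 4797
])


def parse_4797(xml_text):
    """Return (caller SID, caller name, target account) for each 4797 event."""
    root = ET.fromstring(f"<Events>{xml_text}</Events>")  # add a single root
    rows = []
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4797":
            continue
        data = {d.get("Name"): d.text or ""
                for d in ev.findall("e:EventData/e:Data", NS)}
        rows.append((data.get("SubjectUserSid", ""),
                     data.get("SubjectUserName", ""),
                     data.get("TargetUserName", "")))
    return rows


def summarise(rows):
    """Count identical queries and list callers that are not built-in SIDs."""
    counts = Counter(rows)
    review = sorted({r for r in rows if r[0] not in BUILTIN_SIDS})
    return counts, review


if __name__ == "__main__":
    counts, review = summarise(parse_4797(SAMPLE))
    for (sid, caller, target), n in counts.most_common():
        print(f"{n:4d}  {sid}  {caller} -> {target}")
    print("callers to review:", review)
```

Running the same summary on exports taken after two separate reboots makes it easy to see whether the set of caller and target pairs is identical each time.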

I don’t like Windows 8 it is full of issues. Well you never know.

Is it just saying that one or more of the log on accounts do not have a password set for them? I never use a Windows password myself.

An attempt was made to query the existence of a blank password for an account

Basically it’s saying that something tried to see if your password is blank on an account.
But it does it to all accounts as well. People that are buying new laptops that aren’t even connected yet have this problem.

If anyone could be bothered digging around in secpol for a few minutes, I’m sure an answer would be forthcoming but everyone loves a conspiracy…

Yeah! LOL! True! I bet it’s made by the CIA or the FBI to spy on you! :slight_smile: LOL! 8)

(^Joke… Just in case…)

much more likely the NSA :wink:

Yeah, I dug around in there for a long time but never found anything yet.
No find/search command it’s really well done… 88) ???

If you’re really worried about this just remove the auditing, just take a backup first.

  1. Open an elevated command prompt
  2. Type - Auditpol /backup /file:
  3. Type - Auditpol /clear
  4. If you need/want to restore later
  5. Type - Auditpol /restore /file:

Someone will squeeze the truth out of Microsoft. Or something will hit someday.
I can wait rather than play around with my security policies.

I’ve had these log messages from the instant that I installed Windows 8 Enterprise. It was the upgrade, but I installed it into a new partition and did not keep anything from my prior Windows 7.

SystemInfo tells me my Windows 8 installation was at 7:11:55 PM. At 7:13:11 PM, the log started filling up with #4797 event IDs. I got 625 of them before midnight. I still get them irregardless of what the computer is connected to or even if it is totally disconnected from the network.

Yep. That’s supposedly normal. I guess. Microsoft won’t respond in their own forums.
If you read the thread, there are postings of this going on in several different forums. Micro$soft won’t come clean so far. I haven’t seen a Windows 8 that doesn’t do it.