Medium
Carbon Black Active Threat Detected
High Security Group Membership Change
Fortigate FG-IR-22-398 Detection
Azure Blob Rclone Sync Errors
Ceph Scrub Errors
Read Only File System
Active Directory - Account Locked Out
Reliability - License Manager errors
Reliability - Service Errors
Security - Authentication errors
Performance - Applications crashing
requestClientApplication Action ViaProxy
requestClientApplication Mozilla/5.0 (Windows NT 10.0 Win64 x64)
- Office 365 - Admin Commands Run by User
- Office 365 - Impossible Travel
- Office 365 - Login from Risky Anonymous IP Detected
- Office 365 - Mailbox Forwarding Rules Created
- Office 365 - Malware Detected in Email
- Office 365 - More than 100 Messages Purged Per Day
- Office 365 - New Country Activity
- Office 365 - Suspicious email Detected
- Office 365 - Users Added to Groups
- Office 365 - Users Granting 3rd Party Access
- Proxmox - ceph osd shutdown alert
- Proxmox Backup to Azure via Rclone
- Puppet Cert Request
- RDP Detected on Non-Standard Port
- Remote Interactive Logons
- Sensitive Privilege Use
- Server Admin Logon
- Severity:ERROR AND Channel:Security AND Category:File System
SIEM High Rest API usage
SSH Server Login Event -
Firewall - Credit Card Numbers Detected
Firewall - Network Trojan Detected
Firewall - Social Security Numbers Detected
A configuration entry changed in OCSP Responder Service
A configuration entry changed in OCSP Responder Service
A group’s type was changed.
A new trust was created to a domain.
A property of Certificate Services changed.
A security-disabled group was deleted
A security-enabled global group was changed.
A security-enabled global group was created.
A security-enabled local group was changed.
A security-enabled universal group was changed.
A security-enabled universal group was created.
A trusted forest information entry was added.
A trusted forest information entry was modified.
A trusted forest information entry was removed.
Action on Malware Failed
Active Directory - Unexpected Shutdown
Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some auditable activity might not have been recorded.
Aggregating count() by Channel, level, EventType Error
An attempt to automatically restart conversion on volume 2 failed.
An attempt was made to reset an account’s password.
An error was encountered converting volume
An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.
An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.
An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started.
App Crash
App Hang
AppLocker Warning
Auditing settings on object were changed.
Backup of data protection master key was attempted.
BSOD
CA Permissions Corrupted or Missing
Certificate Services loaded default configuration
Certificate Services revoked a certificate.
Code Integrity Check
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
Create Profile failed
Credential Manager credentials were backed up.
Credential Manager credentials were restored from a backup.
Detected Malware
Domain Policy was changed.
During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
During Main Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
Encrypted data recovery policy was changed.
Failed Kernel Driver Loading
Failed to remove item from quarantine
Failed to update engine
Failed to update signatures
Firewall Failed to load Group Policy
Fortigate Firewall SSL VPN Disconnection
General account database changed
Generic Internal Error
Group Policy Application Failed due to Connectivity
Internal Error
IPsec dropped an inbound clear text packet that should have been secured. This is usually due to the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.
IPsec dropped an inbound packet that failed a replay check. If this problem persists, it could indicate a replay attack against this computer.
IPsec dropped an inbound packet that failed a replay check. The inbound packet had too low a sequence number to ensure it was not a replay.
IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. Verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations.
IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). This is usually caused by malfunctioning hardware that is corrupting packets. If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. This error may also indicate interoperability problems with other IPsec implementations. In that case, if connectivity is not impeded, then these events can be ignored.
IPsec Services failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.
IPsec Services failed to initialize RPC server. IPsec Services could not be started.
IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.
IPsec Services has experienced a critical failure and has been shut down. The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks.
Kerberos policy was changed.
Level 2 Severity Errors
Malware Removal Fatal Error
Metadata rebuild: An attempt to write a copy of metadata on volume 2 failed and may appear as disk corruption. If failures continue, decrypt volume.
Metadata write: Volume 2 returning errors while trying to modify metadata. If failures continue, decrypt volume
Network Policy Server denied access to a user.
Network Policy Server discarded the accounting request for a user.
Network Policy Server discarded the request for a user.
Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
Network Policy Server granted full access to a user because the host met the defined health policy.
Network Policy Server locked the user account due to repeated failed authentication attempts.
Network Policy Server quarantined a user.
Network Policy Server unlocked the user account.
OCSP Responder Service Started
OCSP Responder Service Stopped
Office 365 - Activity Outside USA
Office 365 - New User Created
Office 365 - Owner Added to Group
One or more errors occurred while processing security policy in the Group Policy objects.
One or more rows have been deleted from the certificate database.
Per User Audit Policy was changed.
Performance - Scheduled Task errors
Performance - SQL server errors
Performance - Terminal Server remote desktop login errors
Possible denial-of-service (DoS) attack
Quality of Service Policy changed
RADIUS User assigned IP
RADIUS User Authenticated
RADIUS User Disconnected
Recovery of data protection master key was attempted.
Reliability - License Manager errors
Reliability - Network Drive access denied
Reliability - Network drive disconnect errors
Reliability - Settings Sync not configured properly
Reliability - Temporary Profile Errors
RPC detected an integrity violation while decrypting an incoming message.
Scan Failed
Security - Authentication errors
Security - Permissions errors
Security - Ransomware vulnerability
Security - Windows Updates missing
Service Start Failure
Shutdown Initiate Failed
SIDs were filtered.
Special Groups Logon table modified.
SRP Block
Syslog Log level 2 alert
Temp Profile Logon
The ACL was set on accounts which are members of administrators groups.
The audit filter for Certificate Services changed.
The audit log was cleared
The audit policy (SACL) on an object was changed.
The certificate manager denied a pending certificate request.
The certificate manager settings for Certificate Services changed.
The CrashOnAuditFail value has changed.
The security permissions for Certificate Services changed.
The Windows Firewall Driver detected critical runtime error. Terminating.
The Windows Firewall Driver failed to start.
The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
The Windows Firewall Service failed to start.
The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
Threat Intelligence Alert - Destination IP Threat Indicated
Threat Intelligence Alert - Source IP Threat Indicated
Trusted domain information was modified.
Unexpected Error
Windows - User high failed login count
Windows Service Fails or Crashes
Windows Update Failed