| Type | Date/Time | Source | Event ID | Message |
| Information | 21.12.2025 02:16:05 | MsiInstaller | 1040 | Beginning a Windows Installer transaction: \\DiskStation\Personali\Mauro\Software\Symantec Endpoint Protection\Symantec Endpoint Protection v14.3.11216.9000 - Eng\SEP 14.3.0 RU9\Sep64.msi. Client Process Id: 456. |
| Information | 21.12.2025 02:17:07 | Symantec Endpoint Protection | 34 | The 'SepMasterService' service is starting. |
| Information | 21.12.2025 02:17:07 | Symantec Endpoint Protection | 35 | The 'SepMasterService' service has started. |
| Information | 21.12.2025 02:17:32 | SepScanService | 34 | The 'SepScanService' service is starting. |
| Information | 21.12.2025 02:17:32 | SepScanService | 35 | The 'SepScanService' service has started. |
| Information | 21.12.2025 02:17:39 | MsiInstaller | 1042 | Ending a Windows Installer transaction: \\DiskStation\Personali\Mauro\Software\Symantec Endpoint Protection\Symantec Endpoint Protection v14.3.11216.9000 - Eng\SEP 14.3.0 RU9\Sep64.msi. Client Process Id: 456. |
| Error | 21.12.2025 02:17:39 | Symantec AntiVirus | 16711720 |
Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: https://ent-shasta-rrs.symantec.com/ced/entt?product=sep&version=14.3.11216.9000&language=italian&module=rtvscan&error=0009&build=symantec_ent
|
| Information | 21.12.2025 02:18:44 | Symantec AntiVirus | 16745734 |
Suspicious Behavior Detection has been enabled |
| Information | 21.12.2025 02:18:44 | Symantec AntiVirus | 16745737 |
Symantec Endpoint Protection Tamper Protection Enabled |
| Information | 21.12.2025 02:18:46 | Symantec AntiVirus | 16711694 |
Symantec Endpoint Protection services startup was successful. |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Network Intrusion Prevention enabled |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Internet Explorer Browser Intrusion Prevention enabled |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Firefox Browser Intrusion Prevention enabled |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Memory Exploit Mitigation enabled |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | This device is not licensed for Memory Exploit Mitigation Custom Applications. |
| Warning | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | URL Reputation disabled by policy |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Already running process (PID:2676) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Already running process (PID:3308) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:18:47 | Symantec Network Protection | 400 | Already running process (PID:6304) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Error | 21.12.2025 02:18:48 | Symantec Network Protection | 400 | Browser Extension Protection is malfunctioning |
| Information | 21.12.2025 02:18:48 | Symantec Network Protection | 400 | URL Reputation enabled |
| Information | 21.12.2025 02:18:58 | MsiInstaller | 11707 | Product: Symantec Endpoint Protection -- Installation operation completed successfully. |
| Information | 21.12.2025 02:18:58 | MsiInstaller | 1033 | Windows Installer installed the product. Product Name: Symantec Endpoint Protection. Product Version: 14.3.11216.9000. Product Language: 1033. Manufacturer: Broadcom. Installation success or error status: 0. |
| Information | 21.12.2025 02:19:33 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:' Logoff: Test
' |
| Information | 21.12.2025 02:19:33 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:' Logoff: 1
' |
| Information | 21.12.2025 02:19:33 | Microsoft-Windows-User Profiles Service | 1530 | Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
DETAIL -
48 user registry handles leaked from \Registry\User\S-1-5-21-613380163-247847029-1206412164-1000:
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\CA
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\CA
Process 792 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\System\GameConfigStore\Parents
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\SystemCertificates
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\trust
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\trust
Process 792 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\System\GameConfigStore
Process 308 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 2096 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 752 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Process 2096 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\Windows\DataCollection
Process 2096 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 752 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2096 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Internet Explorer\Main
Process 752 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Internet Explorer\Main
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Internet Explorer\Main
Process 308 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\Printers\DevModePerUser
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\Root
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\Root
Process 792 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\System\GameConfigStore\Children
Process 2096 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Internet Explorer\Security
Process 752 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Internet Explorer\Security
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Internet Explorer\Security
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 3860 (\Device\HarddiskVolume4\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Process 1196 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-613380163-247847029-1206412164-1000\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
|
| Information | 21.12.2025 02:19:45 | Symantec Endpoint Protection | 36 | The 'SepMasterService' service is stopping. |
| Information | 21.12.2025 02:19:45 | Symantec AntiVirus | 16711693 |
Symantec Endpoint Protection services shutdown was successful. |
| Information | 21.12.2025 02:19:45 | SepScanService | 36 | The 'SepScanService' service is stopping. |
| Information | 21.12.2025 02:19:46 | SepScanService | 37 | The 'SepScanService' service has stopped. |
| Information | 21.12.2025 02:19:58 | Symantec Endpoint Protection | 37 | The 'SepMasterService' service has stopped. |
| Information | 21.12.2025 02:19:58 | nssm | 1040 | Service Caddy received SHUTDOWN control, which will be handled. |
| Information | 21.12.2025 02:19:58 | Certify.Service | 0 | Service has been successfully shut down. |
| Information | 21.12.2025 02:19:58 | nssm | 1011 | Killing process C:\Caddy\caddy.exe because service Caddy is stopping. |
| Information | 21.12.2025 02:19:58 | Microsoft-Windows-User Profiles Service | 1532 | The User Profile Service has stopped.
|
| Information | 21.12.2025 02:20:24 | EventSystem | 4625 | The description for Event ID '1073746449' in Source 'EventSystem' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'86400', 'SuppressDuplicateDuration', 'Software\Microsoft\EventSystem\EventLog' |
| Information | 21.12.2025 02:20:24 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Service started/resumed' |
| Information | 21.12.2025 02:20:24 | Microsoft-Windows-User Profiles Service | 1531 | The User Profile Service has started successfully.
|
| Information | 21.12.2025 02:20:28 | nssm | 1040 | Service Caddy received START control, which will be handled. |
| Information | 21.12.2025 02:20:28 | SepScanService | 34 | The 'SepScanService' service is starting. |
| Information | 21.12.2025 02:20:28 | Symantec Endpoint Protection | 34 | The 'SepMasterService' service is starting. |
| Information | 21.12.2025 02:20:28 | Symantec Endpoint Protection | 35 | The 'SepMasterService' service has started. |
| Information | 21.12.2025 02:20:28 | Microsoft-Windows-WMI | 5615 | Windows Management Instrumentation Service started sucessfully |
| Information | 21.12.2025 02:20:29 | SepScanService | 35 | The 'SepScanService' service has started. |
| Information | 21.12.2025 02:20:28 | Microsoft-Windows-WMI | 5617 | Windows Management Instrumentation Service subsystems initialized successfully |
| Information | 21.12.2025 02:20:30 | nssm | 1008 | Started C:\Caddy\caddy.exe run --config C:\Caddy\Caddyfile for service Caddy in C:\Caddy. |
| Information | 21.12.2025 02:20:47 | Symantec AntiVirus | 16711687 |
New virus definition file loaded. Version: 251219008. |
| Information | 21.12.2025 02:20:49 | Symantec AntiVirus | 16711694 |
Symantec Endpoint Protection services startup was successful. |
| Warning | 21.12.2025 02:21:35 | Wlclntfy | 6005 | The winlogon notification subscriber is taking long time to handle the notification event (CreateSession). |
| Information | 21.12.2025 02:22:32 | Certify.Service | 0 | Service started successfully. |
| Information | 21.12.2025 02:22:32 | edgeupdate | 0 | Service stopped. |
| Information | 21.12.2025 02:22:33 | MSDTC 2 | 4202 | The description for Event ID '1073746026' in Source 'MSDTC 2' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'0', '0', '0', '0', '0', '0', '1', 'Mutual Authentication Required', 'NT AUTHORITY\NetworkService', '0', '0', '1' |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Network Intrusion Prevention enabled |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Internet Explorer Browser Intrusion Prevention enabled |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Firefox Browser Intrusion Prevention enabled |
| Error | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Browser Extension Protection is malfunctioning |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Memory Exploit Mitigation enabled |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | This device is not licensed for Memory Exploit Mitigation Custom Applications. |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | URL Reputation enabled |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Already running process (PID:2124) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:22:33 | Software Protection Platform Service | 900 | The Software Protection service is starting.
Parameters: |
| Information | 21.12.2025 02:22:33 | Symantec Network Protection | 400 | Already running process (PID:2348) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1066 | Initialization status for service objects.
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
|
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:34 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:35 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=ACLUIFileFolderTool-IsSecurityUIEnabled Priority=100 |
| Information | 21.12.2025 02:22:35 | Software Protection Platform Service | 1034 | Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 |
| Information | 21.12.2025 02:22:35 | Software Protection Platform Service | 1033 | These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=c0b765fd-6e2e-42f9-80d7-4a7ca0d118cf |
| Information | 21.12.2025 02:22:35 | Software Protection Platform Service | 1003 | The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 179bbfdb-3b18-4fa6-af8f-86f740f28fef, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 22105925-48c3-4ff4-a294-f654bb27e390, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 2e7a9ad1-a849-4b56-babe-17d5a29fe4b4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 3c006fa7-3b03-45a4-93da-63ddc1bdce11, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 3c2da9a5-1c6e-45d1-855f-fdbef536676f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 60d99e35-ba21-46e5-abf9-877d5dd815de, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 661f7658-7035-4b4c-9f35-010682943ec2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 8c1c5410-9f39-4805-8c9d-63a07706358f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 9db83b52-9904-4326-8957-ebe6feedf37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: a2ae7054-d580-4c06-a79b-1662e6f6955c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: afd55ac6-d0b0-4812-9047-6c756d82bedf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: c0b765fd-6e2e-42f9-80d7-4a7ca0d118cf, 1, 0 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
13: d6992aac-29e7-452a-bf10-bbfb8ccabe59, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: e73aabfa-12bc-4705-b551-2dd076bebc7d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: f3d100a3-7544-4580-be0b-88d452b4a881, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: f70cf82b-0a95-4f14-a0a9-cb968d337962, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: 0a0d7c2b-1348-49ac-a3b6-0544a02b0487, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: 4527aa66-c28b-4c75-89f9-12219c025bbd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: 4cd0ab30-73a4-4dde-972c-512f05be31df, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: 5ccf6b5d-82ca-45ae-bd4a-97a0b8043b8f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 5e3e2365-8af0-4243-8b45-58f79a21fcd0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: 5f16ef88-992e-4593-9380-8f67e12890d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
23: 66a821fd-67c3-4bad-a5a8-f489a9f3894c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
24: 87a9e3b9-8bf6-4cdc-9064-78b4b8b17560, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
25: 91bcac0a-d7d3-4d2b-bd0c-72fed675f01b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
26: b57dc6e1-607c-4c5d-96a6-8929dfdfade9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
27: baa43e5a-197d-427a-9acd-e1f494b230d2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
28: e0d89b2c-d3a7-445b-b6d6-65d6c92fe1e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
|
| 0 | 21.12.2025 02:22:35 | Software Protection Platform Service | 902 | The Software Protection service has started.
10.0.14393.8592 |
| Warning | 21.12.2025 02:22:39 | Symantec WSS Traffic Redirection | 16715683 |
Web and Cloud Access Protection disabled. |
| Information | 21.12.2025 02:22:44 | MsiInstaller | 11707 | Installation succeeded |
| Information | 21.12.2025 02:22:44 | MsiInstaller | 1005 | The Windows Installer initiated a system restart to complete or continue the configuration of 'Symantec Endpoint Protection'. |
| Information | 21.12.2025 02:22:57 | Symantec Network Protection | 400 | Browser Extension Protection enabled |
| Information | 21.12.2025 02:23:05 | Software Protection Platform Service | 16384 | Successfully scheduled Software Protection service for re-start at 2125-11-27T01:23:05Z. Reason: RulesEngine. |
| 0 | 21.12.2025 02:23:05 | Software Protection Platform Service | 903 | The Software Protection service has stopped.
|
| Information | 21.12.2025 02:23:14 | Desktop Window Manager | 9027 | The Desktop Window Manager has registered the session port. |
| Warning | 21.12.2025 02:23:16 | Wlclntfy | 6006 | The winlogon notification subscriber took 161 second(s) to handle the notification event (CreateSession). |
| Information | 21.12.2025 02:24:43 | Microsoft-Windows-LoadPerf | 1001 | Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| Information | 21.12.2025 02:24:44 | Microsoft-Windows-LoadPerf | 1000 | Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. |
| Warning | 21.12.2025 02:25:36 | Symantec Network Protection | 400 | [SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: C:\CADDY\CADDY.EXE |
| Warning | 21.12.2025 02:25:36 | Symantec Network Protection | 400 | [SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: C:\CADDY\CADDY.EXE |
| Information | 21.12.2025 02:26:44 | nssm | 1040 | Service Caddy received SHUTDOWN control, which will be handled. |
| Information | 21.12.2025 02:26:44 | nssm | 1011 | Killing process C:\Caddy\caddy.exe because service Caddy is stopping. |
| Information | 21.12.2025 02:26:44 | SepScanService | 36 | The 'SepScanService' service is stopping. |
| Information | 21.12.2025 02:26:44 | Microsoft-Windows-User Profiles Service | 1532 | The User Profile Service has stopped.
|
| Information | 21.12.2025 02:27:11 | EventSystem | 4625 | The description for Event ID '1073746449' in Source 'EventSystem' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'86400', 'SuppressDuplicateDuration', 'Software\Microsoft\EventSystem\EventLog' |
| Information | 21.12.2025 02:27:11 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Service started/resumed' |
| Information | 21.12.2025 02:27:11 | Microsoft-Windows-User Profiles Service | 1531 | The User Profile Service has started successfully.
|
| Information | 21.12.2025 02:27:15 | nssm | 1040 | Service Caddy received START control, which will be handled. |
| Information | 21.12.2025 02:27:15 | Microsoft-Windows-WMI | 5615 | Windows Management Instrumentation Service started sucessfully |
| Information | 21.12.2025 02:27:15 | Microsoft-Windows-WMI | 5617 | Windows Management Instrumentation Service subsystems initialized successfully |
| Information | 21.12.2025 02:27:15 | Symantec Endpoint Protection | 34 | The 'SepMasterService' service is starting. |
| Information | 21.12.2025 02:27:15 | SepScanService | 34 | The 'SepScanService' service is starting. |
| Information | 21.12.2025 02:27:15 | Symantec Endpoint Protection | 35 | The 'SepMasterService' service has started. |
| Information | 21.12.2025 02:27:15 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Log on event received User1
' |
| Information | 21.12.2025 02:27:15 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Logon: 1
' |
| Information | 21.12.2025 02:27:16 | SepScanService | 35 | The 'SepScanService' service has started. |
| Information | 21.12.2025 02:27:16 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Received Post Shell Event 1
' |
| Information | 21.12.2025 02:27:18 | nssm | 1008 | Started C:\Caddy\caddy.exe run --config C:\Caddy\Caddyfile for service Caddy in C:\Caddy. |
| Information | 21.12.2025 02:27:23 | Desktop Window Manager | 9027 | The Desktop Window Manager has registered the session port. |
| Information | 21.12.2025 02:27:24 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:' SessionDisconnect: 1
' |
| Information | 21.12.2025 02:27:24 | Desktop Window Manager | 9027 | The Desktop Window Manager has registered the session port. |
| Information | 21.12.2025 02:27:25 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:' SessionReconnect: 1
' |
| Information | 21.12.2025 02:27:40 | Symantec AntiVirus | 16711694 |
Symantec Endpoint Protection services startup was successful. |
| Information | 21.12.2025 02:29:19 | Certify.Service | 0 | Service started successfully. |
| Information | 21.12.2025 02:29:20 | edgeupdate | 0 | Service stopped. |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Network Intrusion Prevention enabled |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Internet Explorer Browser Intrusion Prevention enabled |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Firefox Browser Intrusion Prevention enabled |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Browser Extension Protection enabled |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Memory Exploit Mitigation enabled |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | This device is not licensed for Memory Exploit Mitigation Custom Applications. |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | URL Reputation enabled |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Already running process (PID:2272) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Already running process (PID:2280) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:29:20 | Symantec Network Protection | 400 | Already running process (PID:3356) 'C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Bin64\ccSvcHst.exe' is affected by a change to the application rules. |
| Information | 21.12.2025 02:29:21 | MSDTC 2 | 4202 | The description for Event ID '1073746026' in Source 'MSDTC 2' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'0', '0', '0', '0', '0', '0', '1', 'Mutual Authentication Required', 'NT AUTHORITY\NetworkService', '0', '0', '1' |
| Information | 21.12.2025 02:29:22 | Software Protection Platform Service | 900 | The Software Protection service is starting.
Parameters: |
| Information | 21.12.2025 02:29:23 | Software Protection Platform Service | 1066 | Initialization status for service objects.
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
|
| Information | 21.12.2025 02:29:24 | Software Protection Platform Service | 1003 | The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 179bbfdb-3b18-4fa6-af8f-86f740f28fef, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 22105925-48c3-4ff4-a294-f654bb27e390, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 2e7a9ad1-a849-4b56-babe-17d5a29fe4b4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 3c006fa7-3b03-45a4-93da-63ddc1bdce11, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 3c2da9a5-1c6e-45d1-855f-fdbef536676f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 60d99e35-ba21-46e5-abf9-877d5dd815de, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 661f7658-7035-4b4c-9f35-010682943ec2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 8c1c5410-9f39-4805-8c9d-63a07706358f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 9db83b52-9904-4326-8957-ebe6feedf37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: a2ae7054-d580-4c06-a79b-1662e6f6955c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: afd55ac6-d0b0-4812-9047-6c756d82bedf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: c0b765fd-6e2e-42f9-80d7-4a7ca0d118cf, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
13: d6992aac-29e7-452a-bf10-bbfb8ccabe59, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: e73aabfa-12bc-4705-b551-2dd076bebc7d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: f3d100a3-7544-4580-be0b-88d452b4a881, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: f70cf82b-0a95-4f14-a0a9-cb968d337962, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
17: 0a0d7c2b-1348-49ac-a3b6-0544a02b0487, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
18: 4527aa66-c28b-4c75-89f9-12219c025bbd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
19: 4cd0ab30-73a4-4dde-972c-512f05be31df, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
20: 5ccf6b5d-82ca-45ae-bd4a-97a0b8043b8f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
21: 5e3e2365-8af0-4243-8b45-58f79a21fcd0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
22: 5f16ef88-992e-4593-9380-8f67e12890d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
23: 66a821fd-67c3-4bad-a5a8-f489a9f3894c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
24: 87a9e3b9-8bf6-4cdc-9064-78b4b8b17560, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
25: 91bcac0a-d7d3-4d2b-bd0c-72fed675f01b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
26: b57dc6e1-607c-4c5d-96a6-8929dfdfade9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
27: baa43e5a-197d-427a-9acd-e1f494b230d2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
28: e0d89b2c-d3a7-445b-b6d6-65d6c92fe1e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
|
| 0 | 21.12.2025 02:29:24 | Software Protection Platform Service | 902 | The Software Protection service has started.
10.0.14393.8592 |
| Information | 21.12.2025 02:29:54 | Software Protection Platform Service | 16384 | Successfully scheduled Software Protection service for re-start at 2125-11-27T01:29:54Z. Reason: RulesEngine. |
| 0 | 21.12.2025 02:29:54 | Software Protection Platform Service | 903 | The Software Protection service has stopped.
|
| Information | 21.12.2025 02:30:04 | igfxCUIService2.0.0.0 | 0 | The description for Event ID '0' in Source 'igfxCUIService2.0.0.0' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:' SessionDisconnect: 1
' |
| Warning | 21.12.2025 02:32:41 | Symantec WSS Traffic Redirection | 16715683 |
Web and Cloud Access Protection disabled. |
| Information | 21.12.2025 02:34:07 | Microsoft-Windows-LoadPerf | 1001 | Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| Information | 21.12.2025 02:34:07 | Microsoft-Windows-LoadPerf | 1000 | Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. |
| Warning | 21.12.2025 02:36:33 | Symantec Network Protection | 400 | [SID: 35256] Web Attack: Meta React Server Components CVE-2025-55182 attack blocked. Traffic has been blocked for this application: C:\CADDY\CADDY.EXE |
| Warning | 21.12.2025 02:36:33 | Symantec Network Protection | 400 | [SID: 35273] Web Attack: Malicious Payload Upload 40 attack blocked. Traffic has been blocked for this application: C:\CADDY\CADDY.EXE |