Hi,
Sorry in advance for any mistakes, I’m not very tech-savvy and I’m mostly just trying to understand if this is something I should worry about. I noticed a few Event 4625 logs (Audit failure) on my Event Viewer (this is a personal computer and it’s not connected to a domain). They look like this:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 9/25/2019 1:31:23 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: SKELETOR
Description:
An account failed to log on.
Subject:
Security ID: SKELETOR\Pichau
Account Name: Pichau
Account Domain: SKELETOR
Logon ID: 0xAC4535
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Guest
Account Domain: SKELETOR
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x1790
Caller Process Name: C:\Windows\explorer.exe
Network Information:
Workstation Name: SKELETOR
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
I’ve never seen these events before and they didn’t happen before installing GlassWire. I’ve uninstalled it and they were still happening, once or twice per day. Reinstalling also didn’t fix it. I don’t think this is caused by a virus - I ran several malware/trojan scans (including a boot scan) and they all came back clean. My system also doesn’t show any signs of infection. I was able to “fix” this somehow a while back after uninstalling GlassWire (but I can’t quite remember what I did since it was a while ago) and decided to reinstall it yesterday since I thought it was probably a coincidence and had nothing to do with GlassWire, but only a few hours after installing it, the event started to pop back up on the Event Viewer. I’ve done a fair bit of research about this Event and, in my case, it doesn’t seem to be anything malicious/dangerous, but I’d still like to know if this can be somehow related to GlassWire since it only seems to happen after I install it. I read somewhere that this Event might be related to shared folder permissions - does GlassWire affect that in any way? Also, is it safe to delete GlassWire’s registry keys, or should I leave them alone? I’ve managed to delete all the regular files, but I didn’t touch the registry since I don’t want to risk damaging anything, but I’m wondering if anything in these registry keys could be causing this. Again, sorry for the potentially confusing questions, I’m mostly trying to understand what can be causing this Event.
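
As an added illustration (not part of the original post), the Python below parses an Event 4625 pasted as text, like the one in the post above, and summarizes the fields that matter for triage: which account requested the logon, which account was targeted, the decoded Sub Status, and whether the request appears to have been made on the machine itself. The function names, the `SAMPLE_EVENT` text and the local-origin heuristic are assumptions made for this example.

```python
NTSTATUS = {  # NTSTATUS codes commonly seen in 4625 Status / Sub Status
    0xC0000064: "no such user", 0xC000006A: "wrong password",
    0xC000006D: "logon failure", 0xC000006E: "account restriction",
    0xC0000072: "account disabled", 0xC0000234: "account locked out",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 5: "Service", 10: "RemoteInteractive"}

# Constructed sample: a subset of the fields from the event quoted in the post.
SAMPLE_EVENT = r"""
Subject:
Account Name: Pichau
Logon Type: 3
Account For Which Logon Failed:
Account Name: Guest
Failure Information:
Sub Status: 0xC0000072
Process Information:
Caller Process Name: C:\Windows\explorer.exe
Network Information:
Source Network Address: -
"""

def parse_event(text):
    """Map (section, field) -> value. A line ending in ':' opens a section, so
    'Logon Type' is filed under 'Subject', as in the pasted text."""
    fields, section = {}, ""
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields[(section, key.strip())] = value.strip()
        elif sep:
            section = key.strip()
    return fields

def triage(fields):
    caller = fields.get(("Process Information", "Caller Process Name"), "-")
    src = fields.get(("Network Information", "Source Network Address"), "-")
    sub = int(fields[("Failure Information", "Sub Status")], 16)
    # Heuristic (assumption): no source address plus a named caller process = local request.
    local = src == "-" and caller != "-"
    return {
        "requested_by": fields.get(("Subject", "Account Name")),
        "target": fields.get(("Account For Which Logon Failed", "Account Name")),
        "logon_type": LOGON_TYPES.get(int(fields[("Subject", "Logon Type")]), "other"),
        "reason": NTSTATUS.get(sub, hex(sub)),
        "origin": "local" if local else "remote-or-unknown",
    }

print(triage(parse_event(SAMPLE_EVENT)))
```

A populated Source Network Address, or a Caller Process Name of `-`, moves the event out of the "local" bucket and is the case worth a closer look.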