
November 20, 2017 2:14 am By Travis

WDAGUtilityAccount Windows Security Log

Windows Security Log event ID 4797, with the description “An attempt was made to query the existence of a blank password for an account.” and a Target Account Name of WDAGUtilityAccount, is related to Windows Defender Application Guard. It turned up while digging through the event logs because of a separate issue.

An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID: LOCAL SERVICE
 Account Name: LOCAL SERVICE
 Account Domain: NT AUTHORITY
 Logon ID: 0x3E5

Additional Information:
 Caller Workstation: VISUALBLINDFX
 Target Account Name: WDAGUtilityAccount
 Target Account Domain: VISUALBLINDFX

The following explanation was found at https://blogs.technet.microsoft.com/drew/2017/07/15/wdagutilityaccount/:

If you see an alert in your log solution for a new local account created for username: WDAGUtilityAccount (event id 4720 or 4722).

This account is part of Windows Defender Application Guard, which is included with RS3 (aka Windows 10 fall update). The account is disabled; also, WDAG is not enabled. Basically, you have a user enrolled in the Windows 10 Insider Program and their box was updated with a new build that includes the WDAG bits.
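
To triage these entries on a host, the following PowerShell (an added example, not from the original post or the Microsoft blog) pulls the three event IDs mentioned above for WDAGUtilityAccount and checks that the local account is disabled as described. It assumes an elevated Windows PowerShell 5.1 session and the standard EventData field names for these events (TargetUserName, SubjectUserName and so on).

```powershell
# Added example, not from the original post. Run in an elevated Windows PowerShell
# session; reading the Security log requires administrative rights.
$account = 'WDAGUtilityAccount'
$ids     = 4797, 4720, 4722   # event IDs named in the post

# Pull matching events and flatten the EventData fields of each into one object.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        # Keep only events whose target is the WDAG utility account.
        if ($fields['TargetUserName'] -eq $account) {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                EventId     = $_.Id
                Subject     = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
                LogonId     = $fields['SubjectLogonId']
                Workstation = $fields['Workstation']   # "Caller Workstation" in event 4797
                Target      = '{0}\{1}' -f $fields['TargetDomainName'], $fields['TargetUserName']
            }
        }
    }

# Summary per event ID and caller, then the most recent raw rows.
$events | Group-Object EventId, Subject | Select-Object Count, Name | Format-Table -AutoSize
$events | Sort-Object TimeCreated -Descending | Select-Object -First 10 | Format-Table -AutoSize

# Confirm the local account state the post describes (disabled).
$user = Get-LocalUser -Name $account -ErrorAction SilentlyContinue
if ($null -eq $user) {
    "$account does not exist on $env:COMPUTERNAME"
} elseif ($user.Enabled) {
    "$account is ENABLED on $env:COMPUTERNAME; the post describes it as disabled, so review this host"
} else {
    "$account exists and is disabled, matching the post"
}
```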
