
WDAGUtilityAccount Windows Security Log

The Windows Security log event ID 4797, with the description "An attempt was made to query the existence of a blank password for an account." and a target account name of WDAGUtilityAccount, is related to Windows Defender Application Guard. It turned up while digging through the event logs for an unrelated issue.


An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID: LOCAL SERVICE
 Account Name: LOCAL SERVICE
 Account Domain: NT AUTHORITY
 Logon ID: 0x3E5

Additional Information:
 Caller Workstation: visualblindfx
 Target Account Name: WDAGUtilityAccount
 Target Account Domain: visualblindfx

The following explanation comes from https://blogs.technet.microsoft.com/drew/2017/07/15/wdagutilityaccount/:

If you see an alert in your log solution for a new local account created for username: WDAGUtilityAccount (Event ID 4720 or 4722):

This account is part of Windows Defender Application Guard, which is included with RS3 (aka the Windows 10 Fall update). The account is disabled; also, WDAG is not enabled. Basically, you have a user enrolled in the Windows 10 Insider Program and their box was updated with a new build that includes the WDAG bits.
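To triage these on a host, here is an added PowerShell example (my own, not from this post or from Microsoft's): it pulls 4720/4722/4797 from the local Security log and tags WDAGUtilityAccount events that match the pattern above as expected, leaving everything else for review. It assumes an elevated session and uses the standard EventData field names for these events (TargetUserName, SubjectUserName, Workstation).

```powershell
# Added example: separate the known-benign WDAGUtilityAccount events from anything
# else that touched account creation/enablement or the blank-password query.
# Assumes an elevated session (reading the Security log requires administrator rights).

$ids = 4720, 4722, 4797   # account created, account enabled, blank-password existence query
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # EventData is easiest to read from the event XML: each <Data Name="..."> becomes a key.
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $isWdag = $d['TargetUserName'] -ieq 'WDAGUtilityAccount'
    # The 4797 seen above is raised by LOCAL SERVICE on the machine itself; a 4797 against
    # this account from any other subject does not match the known-benign pattern.
    $expected = $isWdag -and (($e.Id -ne 4797) -or ($d['SubjectUserName'] -ieq 'LOCAL SERVICE'))
    $verdict = if ($expected) { 'expected-wdag' } else { 'review' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Id          = $e.Id
        Subject     = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        Target      = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        Workstation = $d['Workstation']
        Verdict     = $verdict
    }
}

$rows | Sort-Object Time | Format-Table -AutoSize

# Only the non-WDAG rows are worth forwarding to an alert.
$rows | Where-Object Verdict -eq 'review'
```

Run it on a box that just picked up an Insider build and the 4720/4722/4797 trio for WDAGUtilityAccount should all land in the expected-wdag bucket.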
