WDAGUtilityAccount Windows Security Log

The Windows Security Log event ID 4797, with the description "An attempt was made to query the existence of a blank password for an account." and Target Account Name WDAGUtilityAccount, is related to Windows Defender Application Guard. It was found while digging through event logs because of a separate issue.

An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID: LOCAL SERVICE
 Account Name: LOCAL SERVICE
 Account Domain: NT AUTHORITY
 Logon ID: 0x3E5

Additional Information:
 Caller Workstation: VISUALBLINDFX
 Target Account Name: WDAGUtilityAccount
 Target Account Domain: VISUALBLINDFX

The following was found here: https://blogs.technet.microsoft.com/drew/2017/07/15/wdagutilityaccount/

If you see an alert in your log solution for a new local account created for username: WDAGUtilityAccount (event id 4720 or 4722).

This account is part of Windows Defender Application Guard, which is included with RS3 (aka Windows 10 fall update). The account is disabled; also, WDAG is not enabled. Basically, you have a user enrolled in the Windows 10 Insider Program and their box was updated with a new build that includes the WDAG bits.
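
One way to triage these events, as an added example that is not part of the original post or the quoted TechNet article: the PowerShell function below filters event XML for IDs 4797, 4720 and 4722 that target WDAGUtilityAccount and notes whether the subject matches the sample above. The function name Get-WdagAccountEvent and the sample XML are constructed for illustration, and the Data field names are assumed to match what your Security log emits.

```powershell
# Added example (not from the original post). Data names are those in the event XML.
function Get-WdagAccountEvent {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml,
        [string] $Account = 'WDAGUtilityAccount'
    )
    process {
        $evt  = ([xml]$EventXml).Event
        $id   = [int]$evt.System.EventID
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Keep only the three event IDs the post mentions, for the WDAG account.
        if (($id -notin 4797, 4720, 4722) -or ($data['TargetUserName'] -ne $Account)) { return }
        $note = switch ($id) {
            4797 { if ($data['SubjectUserSid'] -eq 'S-1-5-19') { 'blank-password query by LOCAL SERVICE, as in the post' }
                   else { 'blank-password query by another subject: review' } }
            4720 { 'account created' }
            4722 { 'account enabled: the post expects it to stay disabled' }
        }
        [pscustomobject]@{
            EventId = $id
            Target  = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Subject = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            LogonId = $data['SubjectLogonId']
            Note    = $note
        }
    }
}

# Constructed sample mirroring the event shown above (trimmed to the fields used).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4797</EventID></System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-19</Data>
    <Data Name="SubjectUserName">LOCAL SERVICE</Data>
    <Data Name="SubjectDomainName">NT AUTHORITY</Data>
    <Data Name="SubjectLogonId">0x3e5</Data>
    <Data Name="Workstation">VISUALBLINDFX</Data>
    <Data Name="TargetUserName">WDAGUtilityAccount</Data>
    <Data Name="TargetDomainName">VISUALBLINDFX</Data>
  </EventData>
</Event>
'@
$sample | Get-WdagAccountEvent

# Live use from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4797, 4720, 4722 } |
#     ForEach-Object { $_.ToXml() } | Get-WdagAccountEvent
# Get-LocalUser -Name WDAGUtilityAccount | Select-Object Name, Enabled
```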
