Categories: Windows

WDAGUtilityAccount Windows Security Log

The Windows Security Log event ID 4797 with a description of “An attempt was made to query the existence of a blank password for an account.” and Target Account Name WDAGUtilityAccount is related to Windows Defender Application Guard. It was found during digging through event logs because of separate issue.

 

 

 

An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID: LOCAL SERVICE
 Account Name: LOCAL SERVICE
 Account Domain: NT AUTHORITY
 Logon ID: 0x3E5

Additional Information:
 Caller Workstation: VISUALBLINDFX
 Target Account Name: WDAGUtilityAccount
 Target Account Domain: VISUALBLINDFX

The following was found here https://blogs.technet.microsoft.com/drew/2017/07/15/wdagutilityaccount/.

If you see an alert in your log solution for a new local account created for username: WDAGUtilityAccount (event id 4720 or 4722).

This account is part of Windows Defender Application Guard which is included with RS3 (aka windows 10 fall update). The account is disabled also WDAG is not enabled. Basically you have user enrolled in the Windows 10 insider program and their box was updated with a new build that includes the WDAG bits.

Share
Disqus Comments Loading...

Recent Posts

Tinder Auto Swipe Like Shell Script

Shell script to auto swipe like on Tinder. It utilizes the tool called xdotool which… Read More

April 30, 2020 2:54 pm

FFmpeg Batch Transcode Audio

Recently I have been dealing with transcoding media files for my private streaming site, travisflix,… Read More

March 29, 2020 2:57 am

Windows Static Route Recovery

If you have messed up the routing table on a remote Windows Server, this network… Read More

March 27, 2020 9:08 pm

VMware Inter-VM Transparent Page Sharing

Enable Inter-VM Transparent Page Sharing (v5.x - 6.7) If you're using VMWare ESXi in a… Read More

February 29, 2020 2:06 am

Best Free Public Usenet News Server for NZBGet

If you are looking for the best free public usenet news server in active operation… Read More

February 10, 2020 4:43 pm

Bittorrent IP Blocklists

What is a Torrent IP Blocklist? A torrent IP blocklist is simply a giant database… Read More

October 26, 2019 3:31 pm