Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1033 Source: OfficeSoftwareProtectionPlatformService

These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
App Id=59a52881-a989-479d-af46-f275c6370663
Sku Id=6f327760-8c5c-417c-9b61-836a98287e0c
From a support forum: "These are events associated with SPPSVC service startup and shutdown. The service is designed to shut down when nobody is using it. An application may call SL API, which will cause the service to wake up.

Here is some additional information that may help to investigate anomalies in SPPSVC wakeup-shutdown pattern (notice that starting up because some other app calls SL API is not an anomaly ):

First of all, before the service shuts down, it updates a Windows Task Scheduler task under Microsoft/Windows/SoftwareProtectionPlatform. This task is scheduled to wake up SPPSVC approximately <renewal interval> minutes after a successful SPPSVC renewal (typically seven days later). You may want to look at this entry to verify that the next wake up time is consistent with your KMS renewal interval. Pay attention to the “Next Run Time” and “Last Run Time” fields. (This task schedule entry is hidden, so you need to enable viewing hidden tasks from the View menu in the Task Scheduler).
Secondly, another potential reason for SPPSVC to keep waking up is another service: SPPUINOTIFY. This normally (when the system is in the licensed state) should run during KMS renewal and should shut itself down after the renewal has succeeded.

If both of the above are right (that is the task scheduler task is scheduled outside of 2 hours and sppuinotify service is stopped), then there can be only an external reason for SPPSVC to wake up."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.