
Event ID: 11 Source: wininit

Source
Level
Description
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Comments
 
As per Microsoft, if an application enables AppInit DLLs, Windows logs a warning in the System Event Log. The event log entry includes a list of the DLLs that are loaded by using the AppInit_DLL mechanism. The AppInit_DLLs infrastructure provides a mechanism that lets an arbitrary list of DLLs (AppInit DLLs) be loaded into each user-mode process on the system.

You can view this list on the Details tab in Event Viewer. Wininit logs this warning one time for each boot session.

See EV100126 (AppInit DLLs in Windows 7 and Windows Server 2008 R2) for a full-length article, in Word document format, about this infrastructure.
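The review this event asks for can be scripted. The following is an added example, not part of the original entry or of any Microsoft tooling: it lists the configured AppInit DLLs with their Authenticode status and then pulls the wininit warnings from the System log. It assumes the standard AppInit registry locations and that the "wininit" source corresponds to the provider name `Microsoft-Windows-Wininit`.

```powershell
# Added example: audit AppInit DLL configuration and the matching Event ID 11 warnings.
# Assumed registry locations: native and 32-bit-on-64-bit (Wow6432Node) views.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $cfg = Get-ItemProperty -Path $key

    # AppInit_DLLs is a single string; entries are separated by spaces or commas.
    $dlls = @("$($cfg.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    [pscustomobject]@{
        Key           = $key
        LoadAppInit   = $cfg.LoadAppInit_DLLs           # 1 = mechanism enabled
        RequireSigned = $cfg.RequireSignedAppInit_DLLs  # 1 = only signed DLLs load
        DllCount      = $dlls.Count
    }

    foreach ($dll in $dlls) {
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            # A bare file name cannot be checked here; flag it for manual review.
            Write-Warning "$dll in $key is not a full path; locate and verify it manually."
        }
        elseif (Test-Path -LiteralPath $path) {
            Get-AuthenticodeSignature -FilePath $path |
                Select-Object Path, Status,
                    @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
        }
        else {
            Write-Warning "$path is listed in $key but does not exist on disk."
        }
    }
}

# One warning is expected per boot session; each event carries the DLL list.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 11 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName,
        @{ n = 'Details'; e = { $_.Properties.Value -join '; ' } }
```

A DLL that is unsigned, missing from disk, or listed by bare name deserves a closer look, as does a `LoadAppInit` value of 1 on a host where no installed software is known to need it.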
