Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
As per Microsoft, if an application enables AppInit DLLs, Windows logs a warning in the System Event Log. The event log entry includes a list of the DLLs that are loaded by using the AppInit_DLL mechanism. The AppInit_DLLs infrastructure provides a mechanism that lets an arbitrary list of DLLs (AppInit DLLs) be loaded into each user-mode process on the system.
You can view this list on the Details tab in Event Viewer. Wininit logs this warning one time for each boot session.
See EV100126 - (AppInit DLLs in Windows 7 and Windows Server 2008 R2) for a full-length article, available as a Word document, about this infrastructure.
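To carry out the review described above directly on a host, the following added PowerShell example (not part of the original page) lists every configured AppInit DLL together with its Authenticode signature status. It assumes the standard Windows registry key paths and value names for AppInit DLLs (`AppInit_DLLs`, `LoadAppInit_DLLs`, `RequireSignedAppInit_DLLs`), which this page does not quote, and that a bare file name resolves from the system directory.

```powershell
# Added example, not from the original page. Key paths and value names are the
# standard Windows ones for AppInit DLLs; they are assumptions relative to this page.
$views = @(
    @{ Name = 'Native'
       Key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir  = Join-Path $env:SystemRoot 'System32' },
    @{ Name = 'WOW64 (32-bit processes)'
       Key  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir  = Join-Path $env:SystemRoot 'SysWOW64' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -Path $view.Key)) { continue }   # no WOW64 view on 32-bit Windows
    $cfg = Get-ItemProperty -Path $view.Key

    # AppInit_DLLs is a single string: DLL names separated by spaces or commas.
    $dlls = @("$($cfg.AppInit_DLLs)" -split '[,\s]+' | Where-Object { $_ })

    foreach ($dll in $dlls) {
        # Assumption: a bare file name is resolved from the system directory.
        $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll }
                else { Join-Path $view.Dir $dll }
        $exists = Test-Path -LiteralPath $path
        $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

        [pscustomobject]@{
            RegistryView   = $view.Name
            LoadingEnabled = [bool]$cfg.LoadAppInit_DLLs          # 0 = list is ignored
            RequireSigned  = [bool]$cfg.RequireSignedAppInit_DLLs # 1 = only signed DLLs load
            Dll            = $dll
            ResolvedPath   = $path
            FileExists     = $exists
            Signature      = $sig.Status                          # Valid, NotSigned, HashMismatch, ...
            Signer         = $sig.SignerCertificate.Subject
        }
    }
}

if ($report) {
    # Entries that are unsigned, missing on disk, or signed by an unknown
    # publisher are the ones to trace back to an installed application.
    $report | Format-List
} else {
    'No AppInit DLLs are configured on this system.'
}
```

Run it from a 64-bit PowerShell session so that both registry views and the real System32 directory are read without WOW64 redirection.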