Event ID: 63 Source: WinMgmt

A provider, <provider name>, has been registered in the WMI namespace, <namespace>, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
According to TD315566, in order to fix this problem you need to obtain a version of the provider that does not run under the LocalSystem security context.
From a newsgroup post: "Typically occurring when a Service Pack is applied, these messages are completely normal. This happens when the Windows Management Instrumentation (WMI) Provider is doing its business."

From a newsgroup post: "This warning is by design. The reasoning behind the warning is that we are letting the users know that any WMI provider that runs under the LocalSystem context is not optimal. Therefore, we just provide the warning anytime the WMI service starts up. We will be writing a KB article to keep administrators and users informed on this issue".
As per Microsoft: "Health Monitor registers several Windows Management Instrumentation (WMI) providers to run under the local system account to access the information that the providers supply. Because providers that run under the local system account pose a greater risk if they are compromised, Microsoft Windows 2003 generates warnings when these providers are registered". See ME820460 for the providers that generate this event.

See ME891642 for more information on this issue.
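
Because the warning is by design, the useful work is separating the providers already known to register under LocalSystem from any that have not been reviewed. The following is an added example, not part of the original entry: it parses the event description quoted above and sorts registrations against an allowlist. The provider names, namespaces, allowlist and sample messages are hypothetical and constructed for illustration.

```python
import re

# First sentence of the Event ID 63 (Source: WinMgmt) description quoted on this page.
EVENT63 = re.compile(
    r"A provider, (?P<provider>.+?), has been registered in the WMI namespace, "
    r"(?P<namespace>.+?), to use the LocalSystem account\."
)

def parse_event63(message):
    """Return (provider, namespace) from an Event ID 63 message, or None."""
    m = EVENT63.search(message)
    return (m.group("provider"), m.group("namespace")) if m else None

def triage(messages, expected):
    """Sort LocalSystem provider registrations into expected / review / unparsed.

    `expected` holds (provider, namespace) pairs an administrator has already
    reviewed. Names are compared case-insensitively and duplicates collapse.
    """
    known = {(p.lower(), n.lower()) for p, n in expected}
    result = {"expected": [], "review": [], "unparsed": []}
    seen = set()
    for msg in messages:
        parsed = parse_event63(msg)
        if parsed is None:
            result["unparsed"].append(msg)
            continue
        key = (parsed[0].lower(), parsed[1].lower())
        if key in seen:
            continue
        seen.add(key)
        result["expected" if key in known else "review"].append(parsed)
    return result

# Constructed sample data: provider names, namespaces and the allowlist are hypothetical.
TEMPLATE = ("A provider, {}, has been registered in the WMI namespace, {}, "
            "to use the LocalSystem account.")
SAMPLE = [
    TEMPLATE.format("ExampleHealthProv", r"Root\Example"),
    TEMPLATE.format("examplehealthprov", r"ROOT\EXAMPLE"),  # same provider, new casing
    TEMPLATE.format("UnknownVendorProv", r"Root\CIMV2"),
    "The service was started.",                              # unrelated event text
]
EXPECTED = {("ExampleHealthProv", r"root\example")}

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE, EXPECTED).items():
        print(bucket, items)
```

Entries in the `review` bucket are the ones to check against the vendor's documentation or the provider list referenced in ME820460.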
