Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 64002 Source: WindowsFileProtection

Level
Description
File replacement was attempted on the protected system file c:\winnt\system32\acsmib.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.0.2167.1.
Comments
 
From a newsgroup post: "This problem appeared when I tried to install the Win2000 CL Banshee drivers and the setup attempted to replace banshee.dll and banshee.sys. Windows automatically replaced these files with older versions and this event was logged in my event log. In order to install the drivers I went to Control Panel/System/Hardware tab/Driver Signing Options and I checked "Ignore - Install all files, regardless of file signature". After this the drivers were installed without the appearance of this event".
A Windows 2000 feature: files considered vital to the system stability are automatically restored when they are deleted or overwritten with different versions.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...