Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 64005 Source: WindowsFileProtection

Level
Description
The protected system file <file name> was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is <username>. The file version of the bad file is <file version>.
Comments
 
See ME292810 and ME315718 for information about this event.
When you start Windows XP and log on, your may receive the following error: “A problem is preventing Windows from accurately checking the license for this computer - Error code: 0x80070002”. When you press OK, you are returned to the Log On to Windows dialog. If you perform a System Restore, the problem may still persist.
This behavior will occur if you are missing the “%SystemRoot%\System32\secupd.dat” file and/or the “%SystemRoot%\System32\oembios.dat” file.
To resolve this problem:
1. Restart your computer and press F8 to start in Safe Mode.
2. Log on.
3. Right-click My Computer and press Manage.
4. Open the Event Viewer.
5. Check the System event log by using the View menu to Filter for an Event source of Windows File Protection since the last time you successfully logged on. You should be able to locate the files that could not be found during logon, probably as Event ID 64005.
6. Using another Windows XP computer, preferably as the same service pack and hotfix level, copy the missing files. If you do not have another Windows XP computer, you may be able to get the missing files from the Windows XP CD-ROM.
7. Restart your computer normally.
8. You may have to reapply the latest service pack and hotfixes. Perform a “sfc /scannow”, and check for viruses and other malware.
Self-explanatory.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...