Event ID: 64006 Source: WindowsFileProtection

Level
Description
The protected system file <file> was not restored to its original, valid version because the Windows File Protection restoration process was configured to not bring up windows. The currently logged on user was <username>. The file version of the bad file is <file version>.
Comments
 
From a newsgroup post: "Protected files are listed in a catalogue and generally whenever any updates are performed the catalogue is updated with the latest version of the “dll” and a copy is placed in the “dllcache” folder (this is where they are restored from). It sounds like you have got a policy configured to not bring up the warning dialogue when a protected file is being replaced. This has resulted in the “dll” being replaced by one which wasn't listed in the catalogue. It might be that this is an older version which it is complaining about. If you run “SFC /scannow” it will scan your existing system files and check them against the catalogue. You might see more information about the conflict once it is detected by this command".
