Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Windows File Protection|
The protected system file <file> was not restored to its original, valid version because the Windows File Protection restoration process was configured to not bring up windows. The currently logged on user was <username>. The file version of the bad file is <file version>.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the Windows File Protection?
From a newsgroup post: "Protected files are listed in a catalogue and generally whenever any updates are performed the catalogue is updated with the latest version of the “dll” and a copy is placed in the “dllcache” folder (this is where they are restored from). It sounds like you have got a policy configured to not bring up the warning dialogue when a protected file is being replaced. This has resulted in the “dll” being replaced by one which wasn't listed in the catalogue. It might be that this is an older version which it is complaining about. If you run “SFC /scannow” it will scan your existing system files and check them against the catalogue. You might see more information about the conflict once it is detected by this command".
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated