Windows Event Viewer: Strange Audit Failure 4625

RonWeasley · 2022-03-31T19:58:58+00:00

There was an error rendering this rich post.

Having installed Bitdefender Total Security on Windows 11 recently, I am noticing strange Event Viewer entries. Every few minutes, I am getting an Audit Failure 4625 event, "An account failed to log on."

It is always preceded by an also worrying 4723 Audit Success event "An attempt was made to change an account's password." I've had 24 of these event pairs in the last hour.

Doing some googling, there has been talk of Bitdefender being responsible for these. Please can anyone confirm this? It is superficially worrying and would be good to know if BD is behind it so I can relax!

<Data Name="SubjectUserName">REDACTED$</Data>

<Data Name="SubjectDomainName">WORKGROUP</Data>

<Data Name="TargetUserName">Administrator</Data>

<Data Name="TargetDomainName">REDACTED</Data>

<Data Name="LogonProcessName">Advapi</Data>

<Data Name="AuthenticationPackageName">Negotiate</Data>

<Data Name="WorkstationName">REDACTED</Data>

<Data Name="ProcessName">C:\Windows\System32\lsass.exe</Data>

</EventData>

</Event>

Find more posts tagged with

Accepted answers

All comments

Alexandru_BD

Hello @RonWeasley and welcome to the Community!

I think these are related to the bdagent.exe, but i'm not 100% sure. I would recommend you to raise a ticket for the Technical Support Teams to provide an accurate response.

You can get in touch with our engineers by choosing one of the contact methods available here:

https://www.bitdefender.com/consumer/support/

Stay safe.

RonWeasley

Just for the record, folks, Bitdefender support have confirmed that this behaviour is normal and is simply caused by Bit Defender Agent checking to see if a password is set.

Alexandru_BD

Hi @RonWeasley,

Thank you for sharing the conclusion with us. Just as I suspected, the agent was the culprit 🙂