Event ID # 4625 Logs in DC Servers since Desktops / Laptops Bitdefender Endpoint Upgrade 7.6.3.212

We have an on-premise Bitdefender GravityZone server and Windows 10 desktops / laptops.

The Bitdefender Policy – General Update is set to every 1 hour.

We have a third-party IT application that collects Windows Event Logs (successful and failed logins) from all Microsoft Active Directory DC (Windows 2016) servers. In our daily routine, we (IT Dept) look for high failed AD logins and blank (dash) logins. Then we investigate these.

The high failed blank (dash) logins started to show up in the DC servers' event logs last Monday, Sept 19th, or Tuesday, 20th, when the Bitdefender product on all our desktops and laptops upgraded to version 7.6.3.212.

The Event ID 4625 in the DC servers would happen every one hour on different desktop / laptop IP numbers. Pattern of every 1 hour per desktop or laptop. Again, the Bitdefender Policy – General Update is set to every 1 hour.

Are you seeing the Event ID 4625 in your DC servers every 1 hour or every # hour according to your Bitdefender Policy - General - Update? The every 1 hour is when the desktops / laptops do a very quick Bitdefender check / update / whatever.

It is not affecting any normal users' day-to-day applications / work.

It is just us, the IT Department, seeing higher failed logins based on Event ID 4625 in the DC servers' event logs.

Thank you.

Comments

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    Since you need help with a business product, @Alex_Dr or @Andra_B could take a look here and help you with the issue.

    Also, you can always contact the Bitdefender business support:

    https://www.bitdefender.com/business/support/en/71263-85158-contact.html

    Regards.

  • Hi Gjoksi,

    I do have an open Bitdefender Support Ticket.

    I was just curious if anyone else has seen Event ID 4625 in their DC servers' event logs.

    Thank you

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello again.

    Just wait for a reply from @Alex_Dr and/or @Andra_B, since they both provide technical support for Bitdefender business products.

    Kind regards.

  • Hi @DeanC-the-IT

    It is indeed good that you have contacted our Enterprise Support Department about this, as we require a support tool for such events so that we can gain insight, to figure out what could be causing you to receive this error message.

    Please let me know how it worked!

    Regards,

    Andra_B

  • The Bitdefender Endpoint Security Point version 7.7.2.228 for Windows fixed our issue. According to the Bitdefender engineer, they made a change in the latest release to how Bitdefender queries LDAP or LDAPS.
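
For triage of the pattern described in this thread (blank-account Event ID 4625 entries recurring once per update interval from each workstation IP), the following is an added example, not code from the thread or from Bitdefender. It separates sources whose failures recur on a fixed period from sources whose failures are irregular; the tuple layout, tolerance, minimum event count and sample IP addresses are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample rows: (time, event id, TargetUserName, source IpAddress).
# Real rows would come from the Security log export of each DC.
def sample_events():
    start = datetime(2022, 9, 20, 8, 0, 0)
    rows = []
    # Workstation failing once per hour with a blank ("-") account name.
    for h in range(6):
        rows.append((start + timedelta(hours=h, seconds=7 * h), 4625, "-", "10.0.0.21"))
    # Workstation with irregular blank-name failures (not interval-driven).
    for m in (0, 2, 3, 95, 260):
        rows.append((start + timedelta(minutes=m), 4625, "-", "10.0.0.35"))
    # A named-account failure and a successful logon; both must be ignored.
    rows.append((start + timedelta(minutes=5), 4625, "jsmith", "10.0.0.21"))
    rows.append((start + timedelta(minutes=6), 4624, "jsmith", "10.0.0.21"))
    return rows

def periodic_blank_failures(events, period_s=3600, tolerance_s=300, min_events=4):
    """Return {ip: median_gap_seconds} for sources whose blank-user 4625
    events recur at roughly period_s (every gap within tolerance_s)."""
    by_ip = defaultdict(list)
    for ts, event_id, user, ip in events:
        if event_id == 4625 and user.strip() in ("", "-"):
            by_ip[ip].append(ts)
    result = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        if len(stamps) < min_events:
            continue  # too few events to call it a schedule
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if all(abs(g - period_s) <= tolerance_s for g in gaps):
            result[ip] = median(gaps)
    return result

if __name__ == "__main__":
    for ip, gap in periodic_blank_failures(sample_events()).items():
        print(f"{ip}: blank-user 4625 roughly every {gap / 60:.0f} min")
```

Sources that match the configured update interval can be set aside as scheduled software behaviour, while blank-account failures that do not fit the period stay in the queue for investigation.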