
Event 4625 on a personal computer

Anonymous
2019-09-10T03:13:50+00:00

Hi,

I've asked here before about the event 4625 that kept showing up daily on my Event Viewer at nearly the same time every day, and, while I didn't get much help, I managed to partially "fix" this issue by changing my local IP address, which somehow made this event stop popping up. However, after a brief pause, I'm now getting a new variant of Event 4625 on my Event Viewer:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/9/2019 9:58:02 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      SKELETOR
Description:
An account failed to log on.

Subject:
    Security ID: SKELETOR\Pichau
    Account Name: Pichau
    Account Domain: SKELETOR
    Logon ID: 0x6BF80

Logon Type: 3

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Convidado
    Account Domain: SKELETOR

Failure Information:
    Failure Reason: Account currently disabled.
    Status: 0xC000006E
    Sub Status: 0xC0000072

Process Information:
    Caller Process ID: 0x1424
    Caller Process Name: C:\Windows\explorer.exe

Network Information:
    Workstation Name: SKELETOR
    Source Network Address: -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

Now, it seems explorer.exe is trying to log into my disabled Guest account, much like how my own IP(?) was trying to do the same thing before. This seems like a random occurrence - it happened three times one day, then it stopped happening for two full days, then happened once today. My question is: is this something I should be worried about? I've already run three different malware/virus scans and couldn't find anything (my first suspicion was that this could be a virus/hacking attempt since a few months ago a family member managed to install a shady software on my machine, but I've gotten rid of it a long time ago and even used a Restore Point), and my computer seems to behave normally - I have no crashes, no freezes, nothing abnormal. I'm only a bit worried because this Event seems to be associated with Windows Servers/file sharing, but I don't even have Network Discovery turned on, and I'm just a regular Windows user. I've already read a lot about this Event, but I'm still unable to understand why it would happen on my personal computer. I've also tried repairing Windows and running chkdsk. I'm really worried about this and would appreciate any help.

Windows for home | Windows 10 | Security and privacy
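
An added example, not part of any post in this thread: a PowerShell helper that reduces a 4625 event to the fields that matter for triage (target account, logon type, decoded sub-status, caller process, and whether the request originated on the machine itself). The function name `ConvertFrom-FailedLogonXml` is hypothetical, and the sample XML is constructed from the values quoted in the question.

```powershell
# NTSTATUS sub-status values commonly seen in event 4625.
$SubStatusText = @{
    '0xc0000064' = 'user name does not exist'
    '0xc000006a' = 'wrong password'
    '0xc0000072' = 'account disabled'
    '0xc0000234' = 'account locked out'
}

function ConvertFrom-FailedLogonXml {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Xml)
    $evt = ([xml]$Xml).Event
    # EventData is a flat list of <Data Name="...">value</Data>; index by name.
    $d = @{}
    foreach ($n in $evt.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.InnerText.Trim() }
    # No source address and a workstation name equal to this computer: the
    # request was made by a process on this machine, not by a remote host.
    $local = ($d['IpAddress'] -in '-', '::1', '127.0.0.1') -and
             ($d['WorkstationName'] -eq $evt.System.Computer)
    $reason = $SubStatusText[$d['SubStatus'].ToLower()]
    if (-not $reason) { $reason = "unmapped ($($d['SubStatus']))" }
    [pscustomobject]@{
        Target      = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
        LogonType   = [int]$d['LogonType']
        Reason      = $reason
        Caller      = $d['ProcessName']
        LocalOrigin = $local
    }
}

# Constructed sample: event XML rebuilt from the values quoted in the question.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><Computer>SKELETOR</Computer></System>
  <EventData>
    <Data Name="TargetUserName">Convidado</Data>
    <Data Name="TargetDomainName">SKELETOR</Data>
    <Data Name="Status">0xc000006e</Data>
    <Data Name="SubStatus">0xc0000072</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="WorkstationName">SKELETOR</Data>
    <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="IpAddress">-</Data>
  </EventData>
</Event>
'@
ConvertFrom-FailedLogonXml $sample

# On a live system (elevated prompt), summarise every 4625 the same way:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
#   ForEach-Object { ConvertFrom-FailedLogonXml $_.ToXml() } |
#   Group-Object Caller, Target, Reason, LocalOrigin | Select-Object Count, Name
```

Grouping the live results by caller and origin shows at a glance whether the failures all come from one local process or from several sources.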

This question was migrated from the Microsoft Support Community.


4 answers

  1. Anonymous
    2019-09-25T15:58:42+00:00

    Hello,

    Sorry for the very long time without any feedback, I was testing a few things. I realized this event happened after I uninstalled OneDrive, so I tried re-installing the program and seeing if it fixed it. To my surprise, this seemed to have "fixed" it - I went for 14 days without any "Audit Failure" events and was even going to share my "solution" to the problem here. However, yesterday, the event started popping up again and it has happened four times by the time I'm writing this. The only "different" thing I did yesterday was installing GlassWire and activating Network discovery, and so I tried uninstalling it completely and deactivating Network discovery to see if the login failure event would stop happening. Unfortunately, it didn't fix my problem. I thought I could try a System Restore to a point before I had installed GlassWire again, but my one remaining restore point from 10 days ago was deleted out of nowhere (my Windows always does this - not sure if this is normal, I've even changed the disk space usage for system restore points to the maximum amount a few months ago but the Restore Points just keep disappearing some days after the system creates them; this is not a recent problem and has always happened on my computer, so I don't think it's caused by a virus or anything of the sort). 

    I've read on a few forum pages that this event might pop up when the system tries to access "shared" folders with the wrong permissions. To my knowledge, I don't have any shared folders, and I don't think GlassWire or OneDrive create shared folders (at least, I can't find any).

    I've considered uninstalling Avast to test your theory that Avast might be causing this, but I'm starting to think it might not have anything to do with Avast since the event didn't happen for two weeks, and Avast was installed this whole time. I feel like I've read pretty much everything about this event and I'm running out of things to test. My computer seems to be running perfectly fine and everything seems to work normally. Is this worth looking into? You've mentioned that errors in the Event Viewer log don't need to be dealt with unless they're causing performance problems, but this event isn't logged as an "Error", it's a "Security Audit Failure", which sounds a bit ominous to me. I did find a few people with the same problem as me (though it seems to be something a bit rare) and no one seems to be able to explain this event very well. I guess I just want to know if this is a real security concern or if I should just try to ignore it. Sorry if I'm being repetitive, I'm mostly just trying to understand how my machine works and if everything is in order.

  2. Anonymous
    2019-09-10T03:45:18+00:00

    I once resolved every error in Event Viewer until I realized that it meant nothing to performance at all, that those errors only need to be dealt with if there are actual performance problems.

    If you have Avast installed it could be the problem. No expert in forums has recommended Avast since it bloated up ten years ago and started causing issues.

    I would uninstall any 3rd party antivirus in Settings > Apps > Apps & Features and try running only built-in Defender which gives adequate protection, best Windows performance, least issues, and is from Microsoft who knows how to protect their OS best.

    After uninstalling antivirus in Settings > Apps > Apps & Features, restart the PC, then type Security in Start Search, open Windows Defender Settings, there and in Windows Defender Security Center fix anything that's flagged.

    If you want the best on-demand scanner use Malwarebytes.

    If you want to keep Malwarebytes as an on-demand scanner then you can disable its Real Time trial version in its Settings > Accounts tab.

    If you want to invest in the very best install of Windows then do the gold standard Clean Install in this link which compiles the best possible Install of Windows which will stay that way as long as you stick with the tools and methods given, has zero reported problems, and is better than any amount of money could buy: http://answers.microsoft.com/en-us/windows/wiki...

    It is a great learning experience that makes you permanently the master of your PC because you learn everything that works best and how to apply it with your own hands.

    I hope this helps. Feel free to ask back any questions and keep me posted. If you'll wait to rate whether my post helped you, I will keep working with you until it's resolved.

  3. Anonymous
    2019-09-10T03:39:40+00:00

    Hello,

    That TechNet thread was made by me, I went there hoping someone would know what might be causing this but it seems it's still a mystery.

    I've also already run a full Malwarebytes scan with rootkit detection enabled, and a full Avast scan as well. Is it still possible that my system is somehow infected? Full scans with ESET Online Scanner and RogueKiller also did not detect any malware.

    I've also already used sfc /scannow and repaired my damaged Windows files a while ago.

    As for network monitoring - I did use Glasswire for a long time but couldn't spot anything suspicious or unusual, just my regular apps connecting to the network occasionally. I'm mostly interested in knowing if this could be a sign of hidden malicious activity but it seems there's no evidence to support it. Would you advise me to reinstall Windows to see if I get rid of this event, or would that be too much? I'm not very concerned about losing all my files if it means my system will be safe.

  4. Anonymous
    2019-09-10T03:22:39+00:00

    Hi BB. I'm Greg, an installation specialist, 10 year Windows MVP, and Volunteer Guardian Moderator here to help you.

    No more worries than when the same problem was posted here several days ago:

    https://social.technet.microsoft.com/Forums/en-...

    Run a full scan with the most powerful on-demand free scanner Malwarebytes:

    https://www.malwarebytes.com/mwb-download/

    In the Scan Settings first set it to include scanning for Rootkits.

    If necessary run it in Safe Mode with Networking, or Safe Mode accessed by one of these methods: https://www.digitalcitizen.life/4-ways-boot-saf...

    Clean up anything found, restart PC and then run again until it comes up clean.

    Check for any remainders in Settings > Apps > Apps & Features, and also in each of your browser's Extensions, Home Page settings, Search service or Add-On's as shown here: https://community.box.com/t5/How-to-Guides-for-...

    Then check for damaged System Files: https://www.lifewire.com/how-to-use-sfc-scannow...

    If it cannot repair them see Step 10 here to continue: http://answers.microsoft.com/en-us/windows/wiki...

    If you want to keep Malwarebytes as an on-demand scanner then you can turn off its Real Time trial version in its Settings > Account Details tab.

    You can also monitor for network intrusion using free software like this:

    https://www.lifewire.com/ids-and-prevention-ips...

    I hope this helps. Feel free to ask back any questions and let us know how it goes. I will keep working with you until it's resolved.

    ______________________________________________

    Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.
