Odd activity in Microsoft security events log

beginnerunknown 46 Reputation points

Doing some basic computer security self education. Does the code look odd to anybody? I am not on a shared network, I do not use a server and there are no guest profiles.

Event ID 5379:

  • <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  • <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <TimeCreated SystemTime="2021-12-01T10:14:22.3122754Z" />
    <Correlation ActivityID="{68aadd82-e48c-0002-dbdd-aa688ce4d701}" />
    <Execution ProcessID="756" ThreadID="1088" />
    <Security />
  • <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1116816216-3653774597-1769020264-1001</Data>
    <Data Name="SubjectUserName">NA</Data>
    <Data Name="SubjectDomainName">COMPUTER</Data>
    <Data Name="SubjectLogonId">0xc900d</Data>
    <Data Name="TargetName">WindowsLive:(cert):name=02hyxxuglzvccbuf;serviceuri=*</Data>
    <Data Name="Type">0</Data>
    <Data Name="CountOfCredentialsReturned">0</Data>
    <Data Name="ReadOperation">%%8100</Data>
    <Data Name="ReturnCode">3221226021</Data>
    <Data Name="ProcessCreationTime">2021-12-01T10:14:22.0256001Z</Data>
    <Data Name="ClientProcessId">13328</Data>
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,247 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
7,605 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Xiaopo Yang - MSFT 10,706 Reputation points Microsoft Vendor


    Welcome to Microsoft Q&A!

    According to Event ID 5379, This is a normal condition. No further action is required.

    Thank you.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.