I have a Windows 2003 Server. In Active Directory I have a sophossauXXXXXX0 account for updates. I have Sophos Enterprise Console 4.5.1.0. For the last 5 days, that account has been showing up in the security log with the following info.
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 3/17/2013
Time: 10:12:03 AM
User: DOMAIN\SophosSAUxxxxxxx0
Computer: SERVER
Description:
Successful Logon:
User Name: SophosSAUxxxxxx0
Domain: Doamin
Logon ID: (0x0,0x9BC8246)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: SERVER
Logon GUID: {905b5636-59d1-e8ed-1aa3-fa46469c6765}
Caller User Name: SERVER$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 3812
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I removed all server-specific information. I don't think this is correct or should be happening. I scan the computer for viruses or malware and everything comes back clean. Had one problem a week ago with a BES server account that connects to my DC that had malware. If I disable this account the events do not show, but Sophos will not update. I have uninstalled Sophos and reinstalled.
Any help would be appreciated.