If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
certenroll.log file
I'm getting constant entries in this log file. And 2nd issue it's in my home folder.
Does anyone know what this is? Here's the contents: ================================================== ====================== 402.534.948: Begin: 5/16/2015 7:19 PM 03.985s 402.539.0: taskhostw.exe 402.543.0: GMT - 4.00 2005.228.0: certca.dll: 10.0.10074.0 retail 2005.228.0: certenroll.dll: 10.0.10074.0 retail 2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED) 402.379.949: End: 5/16/2015 7:19 PM 04.735s |
Ads |
#2
|
|||
|
|||
certenroll.log file
Maybe it's just your system.
"Big_Al" escreveu na mensagem ... I'm getting constant entries in this log file. And 2nd issue it's in my home folder. Does anyone know what this is? Here's the contents: ================================================== ====================== 402.534.948: Begin: 5/16/2015 7:19 PM 03.985s 402.539.0: taskhostw.exe 402.543.0: GMT - 4.00 2005.228.0: certca.dll: 10.0.10074.0 retail 2005.228.0: certenroll.dll: 10.0.10074.0 retail 2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED) 402.379.949: End: 5/16/2015 7:19 PM 04.735s |
#3
|
|||
|
|||
certenroll.log file
Big_Al wrote:
I'm getting constant entries in this log file. And 2nd issue it's in my home folder. Does anyone know what this is? Here's the contents: ================================================== ====================== 402.534.948: Begin: 5/16/2015 7:19 PM 03.985s 402.539.0: taskhostw.exe 402.543.0: GMT - 4.00 2005.228.0: certca.dll: 10.0.10074.0 retail 2005.228.0: certenroll.dll: 10.0.10074.0 retail 2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED) 402.379.949: End: 5/16/2015 7:19 PM 04.735s The topic shows up here. https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx Windows Desktop Apps : Develop Desktop technologies : Security and Identity : Certificate Enrollment API : About the Certificate Enrollment API : Public Key Infrastructure "The Certificate Enrollment API enables you to submit certificate and key archival requests to certification and registration authorities and install the issued certificate on a local computer. It does not enable you to directly manipulate the certificate database or certificate store." The search engines produced relative garbage when just fed certenroll Win10 Including a site search certenroll site:microsoft.com got me that technical article. I guess my first step, would be correlating the log entry, with the software I was using. Then including that software (browser or email client) as a search term. Obviously, something doesn't have the permissions it needs to carry out the operation. The fact the log is ending up in your home directory, instead of a system folder, kinda tells you the same thing. Then the question would be, can such commands be issued by ordinary users, and when they are, what happens. Since the info on certenroll doesn't give any concrete, real-world examples, I can't really tell you what the certificate might be for. Is it part of SSL/TLS ? HTTPS ? Or something else ? I can't tell if this is malware, or just some silly software that didn't get installed right. The first search I did, produced garbage results, so I couldn't even draw a conclusion from that, whether this was an exploit vector or not. Paul |
#4
|
|||
|
|||
certenroll.log file
Paul wrote on 5/17/2015 6:24 AM:
Big_Al wrote: I'm getting constant entries in this log file. And 2nd issue it's in my home folder. Does anyone know what this is? Here's the contents: ================================================== ====================== 402.534.948: Begin: 5/16/2015 7:19 PM 03.985s 402.539.0: taskhostw.exe 402.543.0: GMT - 4.00 2005.228.0: certca.dll: 10.0.10074.0 retail 2005.228.0: certenroll.dll: 10.0.10074.0 retail 2004.622.0:2015/5/16, 19:19:04: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED) 402.379.949: End: 5/16/2015 7:19 PM 04.735s The topic shows up here. https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx Windows Desktop Apps : Develop Desktop technologies : Security and Identity : Certificate Enrollment API : About the Certificate Enrollment API : Public Key Infrastructure "The Certificate Enrollment API enables you to submit certificate and key archival requests to certification and registration authorities and install the issued certificate on a local computer. It does not enable you to directly manipulate the certificate database or certificate store." The search engines produced relative garbage when just fed certenroll Win10 Including a site search certenroll site:microsoft.com got me that technical article. I guess my first step, would be correlating the log entry, with the software I was using. Then including that software (browser or email client) as a search term. Obviously, something doesn't have the permissions it needs to carry out the operation. The fact the log is ending up in your home directory, instead of a system folder, kinda tells you the same thing. Then the question would be, can such commands be issued by ordinary users, and when they are, what happens. Since the info on certenroll doesn't give any concrete, real-world examples, I can't really tell you what the certificate might be for. Is it part of SSL/TLS ? HTTPS ? Or something else ? I can't tell if this is malware, or just some silly software that didn't get installed right. The first search I did, produced garbage results, so I couldn't even draw a conclusion from that, whether this was an exploit vector or not. Paul Thanks. I'll try some of your tweaks to google search too and see if I can find out. I may just go down my list of software and run a few things to see if it causes more logs. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|