search cancel

Windows Security Event logs filled with Event ID 4673

book

Article ID: 200128

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) is causing the Windows Security Event logs to be filled up with Event ID 4673

Event ID 4673 is called “Sensitive Privilege Use” and is tracked by the policy “Audit Privilege Use” which must have enabled in the environment.

Environment

Issue affects Symantec Endpoint Protection 14.2 RU2, 14.2 RU2 MP1, 14.3, and 14.3 MP1

Resolution

This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

Additional Information

ESCRT-3739