ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Windows Security Event logs filled with Event ID 4673


Article ID: 200128


Updated On:


Endpoint Protection


Symantec Endpoint Protection (SEP) is causing the Windows Security Event logs to be filled up with Event ID 4673

Event ID 4673 is called “Sensitive Privilege Use” and is tracked by the policy “Audit Privilege Use” which must have enabled in the environment.


Issue affects Symantec Endpoint Protection 14.2 RU2, 14.2 RU2 MP1, 14.3, and 14.3 MP1


This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

Additional Information