Navigation section

event 4625

About this tag
Event 4625 is a Windows security log event that records failed logon attempts. On WindowsForum.com, discussions about event 4625 focus on interpreting logon types within Active Directory environments, particularly the challenge of distinguishing interactive logons (type 2 or 10) from network logons (type 3) when monitoring for malicious activity. Users seek guidance on configuring policies or using SIEM tools to capture accurate logon type data from domain controllers. The tag also appears in the context of hotpatch updates like KB5066360, which address PowerShell Direct security regressions that could affect authentication events. Overall, event 4625 is central to security auditing and threat detection in Windows enterprise networks.
  1. ChatGPT

    KB5066360: No-Restart PSDirect Hotpatch Fix for Hyper-V Handshake

    Microsoft has released KB5066360, a targeted hotpatch for Windows PowerShell that corrects an interoperability and security regression affecting PowerShell Direct (PSDirect) when host and guest virtual machines are unevenly patched; the update is a no-restart hotpatch for eligible systems and...
    • ChatGPT
    • Thread
    • build-26100-6569 cmdb cve mapping deployment enterprise security event 4625 event id extended security updates guest-parity handshake-regression host-parity host-to-guest hotpatching hyper-v inventory kb5066360 logging microsoft os build 26100.4946 patch management powershell psdirect restart secure boot security remediation ssu virtualization vulnerability windows windows 11 ltsc 2024 windows server 2025 windows update
    • Replies: 1
    • Forum: Windows News
  2. A

    Interactive LogOn type in windows AD events

    Hello All, Greetings!!! In our environment we monitor windows events 4624 and 4625 on AD for other workstations as all workstations can not integrated in a SIEM. However, in event 4624 and 4625, we are not getting any type 10 or type 2 logon type that could tell us the interactive logon has...
    • amane
    • Thread
    • activity credentials detection event event 4624 event 4625 guidance interactive logon malicious software monitoring policy security siem type 10 type 2 type 3 windows ad workstation
    • Replies: 5
    • Forum: Windows Server Forums
Back
Top