Security Audit Seems to Steal Focus from Photoshop

Discussion in 'Windows 7 Help and Support' started by Rebooter, May 30, 2010.

  1. Rebooter

    Rebooter New Member

    Joined:
    May 30, 2010
    Messages:
    12
    Likes Received:
    0
    I've been having this problem in Windows 7 64-bit with Photoshop CS3. I will be trying to make a selection with the polygon tool, then at random times in the middle of doing this, I get this little flash from the desktop and the selection is closed before I am finished, which is often painfully annoying when making detailed selections as I have to start again and do it all over.

    I check in the Event Viewer in the Security section and I'll see an 'Audit Success' event with 'Microsoft Windows security auditing' as the source when this has happened:

    An account was successfully logged on.

    Subject:
    Security ID: SYSTEM
    Account Name: KENPC2$
    Account Domain: GROUP1
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x224
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0


    These are mostly logon/logoff events and there are some 'Special Logon' events as well.

    I've seen some information stating that 'Advapi' is related to malware, while others say it is legit.

    If it is legit, is there anything I can do to prevent it from doing this little split-second focus stealing? It is driving me crazy.
     
  2. Mitchell_A

    Mitchell_A Excellent Member

    Joined:
    Feb 7, 2009
    Messages:
    5,068
    Likes Received:
    240
    Hello and welcome to the Windows 7 Forums :)
    Have you tried running CS3 as an administrator?
    That may solve the problem, though it's just a thought off the top of my head.
     
  3. Rebooter

    Rebooter New Member

    Joined:
    May 30, 2010
    Messages:
    12
    Likes Received:
    0
    Yes, I am already running it as Admin to solve problems with some older plugins.
     
  4. Rebooter

    Rebooter New Member

    Joined:
    May 30, 2010
    Messages:
    12
    Likes Received:
    0
    I'm still having this problem, any other ideas as to what could be done to prevent this? It's definitely 'Windows Security Auditing - Special Logon' that's causing it as it happened just before I posted this. It's in the event viewer right when I was using Photoshop to make a selection and it closed the selection before I was done.

    Is there maybe some way I could set a rule somewhere that would prevent this special logon from happening if Photoshop is running?
     
  5. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    I use Photoshop daily. For the Photoshop problem, you can use the lasso tool and at the top you have buttons: add, substract, etc... Choose subtract to subtract the selection it closed and then add more to your current selection. You don't have to start again. (p.s. If you hold down the ALT while in lasso, it will temporarily be the polygon tool.)

    Also, you can continue to add and subtract to your selection with the Alt and Shft buttons.
     
  6. Rebooter

    Rebooter New Member

    Joined:
    May 30, 2010
    Messages:
    12
    Likes Received:
    0
    Thanks for the tips zvit, I used to know that, but had forgotten.

    But, still it's annoying to have Windows constantly doing these special audit logons and interfering with my work, it did three of them in less than an hour a little while ago. I tried turning off all of the Action Center Security notifications but it still does these logons. I think Photoshop appears idle between clicks of the tool, so the service assumes it can safely do the logon I guess.

    I can't find anything in Administrative Tools that allows control of this, at least to the degree I would understand.
     
  7. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Yes, I used to experience the same exact problem as you Rebooter. I don't know what I did to fix it, but in my regular tweaking, I've accomplished it.

    Perhaps have a look at the system scheduler. I deleted all sorts of stuff like the tasks that notify Microsoft of customer experience...basically everything I knew was not needed for my OS to run well for what I need.

    Maybe make a system restore point before doing anything, first.

    Type task scheduler in the start menu then hit enter. Then near the bottom, look at the tasks in next run time order. You can see what it going to run every day and those you can concentrate on the most. Others you can look at too to possibly delete. Double click the lines to see detailed info and/or get to the screen to delete.

    Good luck.
     
  8. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    I had another separate thought, so I figured it best for a new post:

    Have a look at the gadgets you're running. If any periodically update from the web and are poorly written, I can see it/them being able to do something like you're complaining of.

    In my more recent tweaks and changes, I chose to use the weather gadget included with Windows, instead of a 3rd party one.
     
  9. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    Good point about the gadgets. I disabled them as soon as I installed windows.

    This might help you figure out what service is the cause:
    advapi failed login locking account

    I know that HIS problem is the opposite, that the Advapi CAN'T log on, but look down at the first reply. It gives helpful links that will help you understand what it is and then maybe you can find it and deal with it properly.

    I would also advise that you run HijackThis but you should only do this if you have some above average computer skills. If not, just ask for help here.
     
  10. Rebooter

    Rebooter New Member

    Joined:
    May 30, 2010
    Messages:
    12
    Likes Received:
    0

    Ok, I hadn't thought of that. I'm running the MS wheather and calender, plus two third party: 'All CPU Meter' and 'Drives Meter'. I found that my version of All CPU Meter is several versions back, and the changelog for newest version mentions 'Fixed update notifier'. I'll try disabling these and see if it makes a difference.
     
  11. Rebooter

    Rebooter New Member

    Joined:
    May 30, 2010
    Messages:
    12
    Likes Received:
    0
    I've been Googling for info on this for a long time and I can never find anything that specifically addresses this issue. I did read the page you linked above, but it's hard to pin down.

    I have disabled/modified some tasks in Task Scheduler and removed the third party gadgets, but I still see the special logons in the event viewer. I'm still not sure if these are normal or not (guessing they are). I think Photoshop does some weird things that seem to have system wide effects, such as it will eat the ESC key system-wide when it's running (never did it in XP, just Win 7 in my experience), so maybe it has some system hook that is sensitive to these special logon events.

    I do have the 'GoogleUpdateTaskMachineUA' and 'GoogleUpdateTaskMachineCore' tasks in the task scheduler, It shows that they try to run once an hour, I changed them to wait for 10 minutes idle before they can execute, but I think I'll disable them and see what effect it has.

    I have done full scans of my system with several different virus/malware scanners, but they never find anything. I think I used HijackThis years ago, so I'll take a look at it again.
     
  12. zvit

    zvit Honorable Member

    Joined:
    Nov 3, 2009
    Messages:
    2,455
    Likes Received:
    84
    Usually (I would always but I can't say that cause I'm not a Microsoft programer) services that are scheduled to run network logins in the background do not cause visible notifications about a successful or failed log-in. That is why it seems abnormal. I doubt that it's google's update but I would recommend getting rid of that. It is for google's benefit and not yours and they have no business taking even a bit of your CPU.

    I also suggest you run a free program called Process Monitor Process Monitor and see exactly who did what, when and how. This program helped me many times. It's like having a security camera in your room and being able to finally see who's stealing your sandwich from the fridge.
    This is from the site's page:

    Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

    Tell us what you find. Good luck!
     
    #12 zvit, Jul 8, 2010
    Last edited: Jul 8, 2010

Share This Page

Loading...