Event ID - 4656

Event Id4656
SourceMicrosoft-Windows-Security-Auditing
DescriptionA handle to an object was requested.

Subject:
      Security ID:<Security ID>
      Account Name:<Account Name>
      Account Domain:<Account Domain>
      Logon ID:<Logon ID>     

Object:
      Object Server:<Object Server>
      Object Type:<Object Type>
      Object Name:<Object Name>
      Handle ID: <Handle ID>     

Process Information:
      Process ID: <Process ID>
      Process Name:<Process Name>     

Access Request Information:
      Transaction ID:<Transaction ID>
      Accesses:<Accesses>
      Access Mask:<Access Mask>
      Privileges Used for Access Check:
Restricted SID Count:<Restricted SID Count>     

Event InformationCause :
This event is genererated when any file or folder and registry of a system is accessed by Users.
Note:
This event is recorded when an user enable auditing on an object.
Resolution :
This is an information event and no user action is required.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh