5065 A cryptographic context modification was attempted
Written when a modification of a cryptographic context is attempted. It is one of a family of events capturing CNG configuration changes.
Overview
The subcategory is Audit Other Policy Change Events. It is generated when a modification of a CNG cryptographic context is attempted. Whereas 5064 is the operation version, this indicates a modification.
How it is triggered
- A settings change to a cryptographic context.
Security review points
- It is a configuration-change event with low individual security value. Confirm, together with other crypto-configuration events (5063/5064/5066-5070), whether an unexpected change is tampering with the crypto configuration.
Notes for log review
- Monitor crypto-configuration events as a group and note unfamiliar changes.
Key fields
| Field | Meaning |
|---|---|
Operation | The modification type |
Subject / Process Name | The origin |