5068 A cryptographic function provider operation was attempted
Written when an operation on a cryptographic function provider is attempted. It is one of a family of events capturing CNG configuration operations.
Overview
The subcategory is Audit Other Policy Change Events. It is generated when an operation on a CNG cryptographic function provider (a module implementing a specific cryptographic function) is attempted.
How it is triggered
- Referencing or operating on a cryptographic function provider.
Security review points
- It is a configuration-operation event with low individual security value. If you suspect insertion of a rogue provider, confirm it together with crypto provider operation 5063 and other crypto-configuration events.
Notes for log review
- Monitor crypto-configuration events as a group and note unfamiliar provider operations.
Key fields
| Field | Meaning |
|---|---|
Provider / Operation | The target provider and operation |
Subject | The acting subject |