Kaseya Community

One of the servers that we monitor keeps getting this Security Audit log, we thought it was a hacking attempt the username, source address and port change all the time. We did a Malwarebytes scan found nothing, it is running Eset lastest. One of the guys thinks that it is SQL or the ACT program causing this. I have looked around and Googled and found nothing. Please help

Security log generated a multiple events alert on NEWDOMAIN.NEWDOMAIN.dotfoil, the follow events occurred: Security log generated Failure Audit Event 529
For more information see http://www.eventid.net/display.asp?eventid=529&source=Security

Log: Security
Type: Failure Audit
Event: 529
Agent Time: 05:10:56 AM 27-May-2011
Event Time: 11:10:56 AM 27-May-2011 UTC
Source: Security
Category: Logon/Logoff
Username: SYSTEM
Computer: SERVER07
Description: Logon Failure:

Reason: Unknown user name or bad password

User Name: administrator

Domain: NEWDOMAIN

Logon Type: 10

Logon Process: User32

Authentication Package: Negotiate

Workstation Name: SERVER07

Caller User Name: SERVER07$

Caller Domain: NEWDOMAIN

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 6660

Transited Services: -

Source Network Address: 173.193.6.207

Source Port: 3839

Multiple Security log generated for logon failure (Event 529)

How to Share Event Log sets

Event Log Collection

Security Generated Protection Disabled ALARM at 2/8/2011 11:33:48 AM on machinename.root.companyname.

Security Event log reporting

Security log generated multiple events alert|VA - Security Logon Events