Lots of PDQ activity in Security event logs




  • Luke Nichols


    It looks like you are using a managed service account. Passwords for MSAs are stored in active directory and the server has to retrieve the password from AD in order to authenticate the account. This process is going to generate lots of logs like this no matter what you do, it is inevitable.

    I would say that it is not a cause for concern, these are literally just logs of your PDQ managed service account authenticating to active directory. Frankly if these logs didn't exist there would be a problem since your PDQ would be broken.

    What exactly are you/your supervisor concerned about? Are these logs filling up your SIEM solution or something like that?

    Comment actions Permalink
  • Lee Ezell

    Luke, I appreciate the answer. My supervisor just didn't understand why there were so many of them and what they meant. I will pass along your answer and i'm sure that will satisfy him :) 


    Thanks again bud.

    Comment actions Permalink

Please sign in to leave a comment.