Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

Opera keeps calling SeTcbPrivilege

  • We use Security Onion in our office and we keep getting OSSEC alerts because Opera keeps trying to elevate privileges which fails which in turn triggers a security audit alert. We don't want to turn the alert off nor filter that event out.

    Was wondering if anyone else has come across this
    .
    {"timestamp":"2019-03-06T20:05:15.116+0000","rule":{"level":10,"description":"Windows: Multiple failed attempts to perform a privileged operation by the same user.","id":"18151","frequency":6,"firedtimes":550,"mail":true,"groups":["windows"],"pci_dss":["10.2.4","10.2.5","11.4"],"gdpr":["IV_35.7.d","IV_32.2"]},"agent":{"id":"005","name":"SN-WKS-08","ip":"192.168.150.211"},
    "manager":{"name":"SN-LAB-SEC01"},"id":"1551902715.1103192234","previous_output":"2019 Mar 06 13:04:55 WinEvtLog: Security: AUDIT_FAILURE(4673):
    Microsoft-Windows-Security-Auditing: (no user): no domain: SN-WKS-08.ad.XXXX.ca: A privileged service was called. Subject:
    Security ID: S-1-5-21-2358658803-1195769352-62849749-1226 Account Name: XXXX Account Domain: AD Logon ID: 0x281183 Service: Server: Security
    Service Name: - Process:
    Process ID: 0x2a6c
    Process Name: C:\Users\XXXX\AppData\Local\Programs\Opera\58.0.3135.79\opera.exe
    Service Request Information:
    Privileges: SeTcbPrivilege\n2019 Mar 06 13:04:55

Log in to reply