I get the event below from a windows 7 workstaion frequently. Thoughts?
| Event Field | Information |
| OperationType | ObjectOpenFailure |
| AccessProperties | Mask: - |
| ServingProcess | {0x314,0} |
| OperationID | {00000000-0000-0000-0000-000000000000} |
| ObjectHandleID | 0x0 |
| ObjectName | PlugPlaySecurityObject |
| ObjectType | Security |
| ObjectServer | PlugPlayManager |
| PrivilegesExercised | 0x2 |
| AccessRequested | Unknown specific access (bit 1) |
| DestinationLogonID | |
| DestinationDomain | |
| DestinationAccount | |
| SourceLogonID | 0x2cebe |
| SourceDomain | BBBBBBB |
| SourceAccount | ZZZZZZZ |
| ExtraneousInfo | |
| ProviderSID | Microsoft-Windows-Security-Auditing 4656 |
| InferenceRule | |
| ToolAlias | Vista Security |
| Severity | 3 |
| DetectionTime | 12:50:08 Thu Apr 28 2016 |
| InsertionTime | 12:50:09 Thu Apr 28 2016 |
| DetectionIP | XXXXXX.i.fmedr.com |
| Manager | YYYYYYY |
| InsertionIP | XXXXXX.i.fmedr.com |
| EventInfo | Object open failed "PlugPlayManager (Security) PlugPlaySecurityObject" |
| Event Name | ObjectAuditFailure |