
An attempt was made to unregister a security event source (4905) how to monitor with email alert

#1
11-30-2024, 09:20 PM
That event 4905 pops up in the Event Viewer on Windows Server when something tries to unregister a security event source. It's like the system catching a sneaky move to wipe out logs that track security stuff. You know, those sources are basically the reporters for security events, and unregistering one means someone or some app wants to hush up what it's been doing. I see this sometimes in audits, where it flags potential tampering with audit policies. The full details show the source name, the process ID that tried it, and whether it succeeded or got blocked. If it worked, that's a red flag for unauthorized changes. But if it failed, the system probably locked it down tight. Happens during policy tweaks or malware fiddles. You can spot it under Security logs, event ID 4905. I check mine weekly to stay ahead.

Now, to monitor this with an email alert, you set up a scheduled task right from the Event Viewer screen. Fire up Event Viewer, go to the Security log, find that 4905 event. Right-click it, pick Attach Task To This Event. You'll name your task something catchy like Security Unregister Alert. Then, it asks what to do when the event hits: choose Start a program, but wait, for email, you link it to a simple batch file that sends mail via your server tools. No, hold up, keep it basic: in the task wizard, select Send an email, yeah, that's the old-school option there. Pick your SMTP server, from address, to your email, subject like "Hey, 4905 Fired Up." Add the event details in the body so you get the who and when. Set it to trigger on that exact event ID. Test it by forcing a log view or waiting for a real one. I do this on my servers; wakes me up if something fishy brews at night.

And speaking of keeping your server logs safe from mishaps like that unregister attempt, you might want a solid backup setup too. That's where BackupChain Windows Server Backup comes in handy for me. It's a straightforward Windows Server backup tool that handles file-level stuff and even virtual machines with Hyper-V without the usual headaches. You get fast incremental backups, easy restores, and it runs light on resources so your server doesn't choke. Plus, no vendor lock-in; I love how it snapshots everything reliably, cutting down on those panic moments when events like 4905 hint at trouble.

At the end of this chat is the automatic email solution.

Note, the PowerShell email alert code was moved to this post.

bob
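
The alert described in the post above, written as a script that an event-triggered task can run (an added example, not code from the original post or this thread). The SMTP server, mail addresses and script path are placeholders, and the event fields are read from the event XML at run time instead of being hard-coded.

```powershell
# Added example: e-mail alert for Security event 4905. Every value in $cfg is a placeholder.
$cfg = @{
    SmtpServer = 'smtp.example.internal'      # assumption: internal relay that accepts mail from this host
    From       = 'eventlog@example.internal'
    To         = 'secops@example.internal'
    LookBack   = 5                            # minutes of Security log to scan on each run
}

function Get-Event4905 {
    param([int]$Minutes)
    $filter = @{ LogName = 'Security'; Id = 4905; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

function Format-Event4905 {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    # Pull every named <Data> element (subject, process, source) out of the event XML.
    $data   = ([xml]$Record.ToXml()).Event.EventData.Data
    $fields = foreach ($d in $data) { '{0,-20} {1}' -f $d.Name, $d.'#text' }
    $header = @(
        "Time:     $($Record.TimeCreated.ToString('o'))"
        "Computer: $($Record.MachineName)"
        "RecordId: $($Record.RecordId)"
        ''
    )
    ($header + @($fields)) -join "`r`n"
}

$events = @(Get-Event4905 -Minutes $cfg.LookBack)
if ($events.Count -gt 0) {
    $mail = @{
        SmtpServer = $cfg.SmtpServer
        From       = $cfg.From
        To         = $cfg.To
        Subject    = "Event 4905 on $env:COMPUTERNAME ($($events.Count) in the last $($cfg.LookBack) min)"
        Body       = ($events | ForEach-Object { Format-Event4905 -Record $_ }) -join "`r`n`r`n"
    }
    Send-MailMessage @mail
}

# Register once from an elevated prompt so the script runs each time 4905 is logged
# (C:\Scripts\Alert-4905.ps1 is a placeholder path):
# schtasks /Create /TN "Alert-4905" /SC ONEVENT /EC Security /MO "*[System[(EventID=4905)]]" /RU SYSTEM /TR "powershell.exe -NoProfile -File C:\Scripts\Alert-4905.ps1"
```

Because the task runs as SYSTEM, keep the script in a folder that only administrators can write to.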
© by FastNeuron Inc.

Linear Mode
Threaded Mode