Forum Discussion
A security-enabled local group membership was enumerated
Hi FrankMartin1610,
the notifications triggered by the SharePoint server regarding the enumeration of a security-enabled local group membership and the establishment of a scheduled task align with anticipated behaviors within the SharePoint environment.
The alert labeled 'A security-enabled local group membership was enumerated' arises when a process systematically lists the members of a security-enabled local group on the respective computer or device.
This activity is a routine operation carried out by the Administrators group.
Also, the alert 'A scheduled task was created' is initiated by the service account overseeing the Workflow Manager.
SharePoint executes background tasks, oversees the environment, and manages scheduled processes that demand significant processing resources.
Such actions are considered standard in the SharePoint framework.
These alerts constitute integral components of SharePoint's operational framework and do not signify any security vulnerabilities.
You can consider whitelisting (or ignoring) these alerts in monitoring system.
4799(S) A security-enabled local group membership was enumerated. - Windows Security | Microsoft Learn
Long-running and scheduled operations | Microsoft Learn
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)