- Free Edition
- Quick Links
- Active Directory Auditing
- Active Directory auditor
- Active Directory monitoring
- Account lockout analyzer
- Login monitoring software
- Active Directory change notifier
- User logon audit reports
- AD logon logoff tracker
- User logon failure auditing
- Login history tracking tool
- AD change auditor
- Insider threat detection software
- Permissions change auditing
- Entra ID reporting
- Privileged user monitoring
- User behavior analytics tool
- Active Directory security monitoring
- Group Policy auditing tool
- GPO change auditor
- Entra ID auditing
- Audit user account management
- OU change auditor
- Audit group membership changes
- Active Directory auditing and reporting tool
- GPO reporting tool
- Remote desktop monitoring software
- PowerShell logging and auditing
- Azure password protection auditing
- Azure sign-in risk detection
- File Server Auditing
- Windows Server Auditing
- Employee Tracking
- Workstations Auditing
- Compliance Auditing
- Other features
- SIEM Integration
- Windows DNS - Schema Auditing
- Windows security event log monitoring
- SIEM audit solution
- Schedule Active Directory change reports
- Reports from Archived Data
- Aggregated summary reports
- AD new/old attribute changes
- Audit trail
- Audit Active Directory LAPS
- Scheduled Reports & Alerts
- Account lockout examiner
- Industry
- Documents
- Success Stories
- Related Products
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- ADManager Plus Active Directory Management & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- DataSecurity Plus File server auditing & data discovery
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- AD Free Tools Active Directory FREE Tools
Event ID 4658 – The Handle To An Object Was Closed
| Event ID | 4658 |
|---|---|
| Category | Object Access |
| Sub-Category | File System; Handle Manipulation; Kernel Object; Registry; Removable Storage |
| Type | Success Audit |
| Description | The handle to an object was successfully closed. |
Event 4658 is logged when the handle to an object is closed. This object could be of any type — file system, kernel, registry object, or a file system object stored on a removable device. This event is logged only if in the Audit Handle Manipulation subcategory, "Success" auditing is enabled.
This log data provides the following information:
- Security ID
- Account Name
- Account Domain
- Logon ID
- Object Server
- Handle ID
- Process ID
- Process Name
Why does event ID 4658 need to be monitored?
- To know how long a handle was open.
- To track actions and operations related to a particular object handle
- To monitor if restricted processes are closing handles
- To detect anomalies and malicious actions
- To ensure non-active, external, and restricted accounts are not used
- To ensure that only white-listed accounts perform certain closing actions
- To enforce conventions and compliances
Pro Tip:
ADAudit Plus provides real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports provide detailed information about object related events.
Event 4658 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Corresponding event in Windows 2003 and before: 562
