This event generates in BCryptAddContextFunctionProvider() and BCryptRemoveContextFunctionProvider() functions. These functions are Cryptographic Next Generation (CNG) functions.
For more information about Cryptographic Next Generation (CNG), visit these pages:
This event is used for Cryptographic Next Generation (CNG) troubleshooting.
There's no example of this event in this document.
Subcategory: Audit Other Policy Change Events
Event Schema:
A cryptographic function provider operation was attempted.
Subject:
Security ID:%1
Account Name:%2
Account Domain:%3
Logon ID:%4
Configuration Parameters:
Scope:%5
Context:%6
Interface:%7
Function:%8
Provider:%9
Position:%10
Operation:%11
Return Code:%12
Required Server Roles: None.
Minimum OS Version: Windows Server 2008, Windows Vista.
Event Versions: 0.
Security Monitoring Recommendations
- Typically this event is required for detailed monitoring of CNG-related cryptographic functions. If you need to monitor or troubleshoot actions related to specific cryptographic functions, review this event to see if it provides the information you need.