Difference between system uptime and last boot time in windowsBattling Malware without spending moneyDo I have a virus on my hosted site?What is the difference between antivirus and firewallsDifference between antivirus and sandbox?Hidden network continually connecting that I cannot disconnectStrange and unknown user name on Windows 10How to prevent Firefox and Chrome from opening ports in the firewall?How to sandbox students' Python 3 code submissions for automatic assignment evaluation on Windows 10?
Suppose I capture encrypted data that I want to decrypt. Could I use a server farm to decrypt?
Why are Trump's handwritten notes being focused on in the news?
"the whole shabang" vs "the whole shebang"
Why does the Eurofighter Typhoon pitch up on brake release?
How can you weaponize a thermos?
Big equation writing in LaTeX
Displaying a Sudoku Board
How to assemble PCBs when SMT machine doesn't have enough feeders?
What is a polite way to clarify my gender in phone calls?
I might blow up!
Why don't electrical receptacles have more than one ground?
How to tell that this is a draw
Does a meditation count as resting for the purposes of gaining the other benefits of a short rest?
'Cannis' - Term used in seventeenth-century clothes manufacture
Why 401k contribution as % of salary vs. fixed amount per pay check?
Where to stand for this winter view in Grindelwald, Switzerland?
Can Teflon thread tape be reused?
What is a flight ticket coupon?
Is Fox News not classified as a news channel?
Game company goes bankrupt, another company wants to make a sequel how?
Large products with glass doors
Algorithmic thinking problems
Threatening to discontinue a service for a client
Does USB version speed matter for input devices?
Difference between system uptime and last boot time in windows
Battling Malware without spending moneyDo I have a virus on my hosted site?What is the difference between antivirus and firewallsDifference between antivirus and sandbox?Hidden network continually connecting that I cannot disconnectStrange and unknown user name on Windows 10How to prevent Firefox and Chrome from opening ports in the firewall?How to sandbox students' Python 3 code submissions for automatic assignment evaluation on Windows 10?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.
Because of this problem, these workstations do not accept security policy from AV.
what is the reason?
How can I solve it?
antivirus windows-10 time
add a comment
|
As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.
Because of this problem, these workstations do not accept security policy from AV.
what is the reason?
How can I solve it?
antivirus windows-10 time
And why would this cause a workstation not to accept security policies from AV?
– Esa Jokinen
Sep 14 at 13:02
@EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
– R1W
Sep 14 at 13:06
1
The clock is up to date with correct date & time?
– Paolo
Sep 14 at 21:27
@Paolo yes, it is corect.
– R1W
Sep 18 at 5:52
add a comment
|
As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.
Because of this problem, these workstations do not accept security policy from AV.
what is the reason?
How can I solve it?
antivirus windows-10 time
As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.
Because of this problem, these workstations do not accept security policy from AV.
what is the reason?
How can I solve it?
antivirus windows-10 time
antivirus windows-10 time
edited Sep 14 at 13:03
R1W
asked Sep 14 at 10:06
R1WR1W
1,3983 gold badges9 silver badges28 bronze badges
1,3983 gold badges9 silver badges28 bronze badges
And why would this cause a workstation not to accept security policies from AV?
– Esa Jokinen
Sep 14 at 13:02
@EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
– R1W
Sep 14 at 13:06
1
The clock is up to date with correct date & time?
– Paolo
Sep 14 at 21:27
@Paolo yes, it is corect.
– R1W
Sep 18 at 5:52
add a comment
|
And why would this cause a workstation not to accept security policies from AV?
– Esa Jokinen
Sep 14 at 13:02
@EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
– R1W
Sep 14 at 13:06
1
The clock is up to date with correct date & time?
– Paolo
Sep 14 at 21:27
@Paolo yes, it is corect.
– R1W
Sep 18 at 5:52
And why would this cause a workstation not to accept security policies from AV?
– Esa Jokinen
Sep 14 at 13:02
And why would this cause a workstation not to accept security policies from AV?
– Esa Jokinen
Sep 14 at 13:02
@EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
– R1W
Sep 14 at 13:06
@EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
– R1W
Sep 14 at 13:06
1
1
The clock is up to date with correct date & time?
– Paolo
Sep 14 at 21:27
The clock is up to date with correct date & time?
– Paolo
Sep 14 at 21:27
@Paolo yes, it is corect.
– R1W
Sep 18 at 5:52
@Paolo yes, it is corect.
– R1W
Sep 18 at 5:52
add a comment
|
1 Answer
1
active
oldest
votes
The left window is not showing the system uptime but the network connection uptime.
The network may have only been up for a couple of hours for multiple reasons:
- The network wire was -perhaps briefly- disconnected
- The switch it is connected to was rebooted
- The computer was previously connected to a different network, but then changed to this one
- The network connection itself was disabled then enabled.
- If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.
I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:
- The machine was hibernated and the time it was in that state is not taken into account for the uptime.
- The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.
I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
1
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
3
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
1
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
|
show 1 more comment
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f218030%2fdifference-between-system-uptime-and-last-boot-time-in-windows%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The left window is not showing the system uptime but the network connection uptime.
The network may have only been up for a couple of hours for multiple reasons:
- The network wire was -perhaps briefly- disconnected
- The switch it is connected to was rebooted
- The computer was previously connected to a different network, but then changed to this one
- The network connection itself was disabled then enabled.
- If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.
I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:
- The machine was hibernated and the time it was in that state is not taken into account for the uptime.
- The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.
I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
1
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
3
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
1
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
|
show 1 more comment
The left window is not showing the system uptime but the network connection uptime.
The network may have only been up for a couple of hours for multiple reasons:
- The network wire was -perhaps briefly- disconnected
- The switch it is connected to was rebooted
- The computer was previously connected to a different network, but then changed to this one
- The network connection itself was disabled then enabled.
- If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.
I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:
- The machine was hibernated and the time it was in that state is not taken into account for the uptime.
- The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.
I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
1
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
3
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
1
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
|
show 1 more comment
The left window is not showing the system uptime but the network connection uptime.
The network may have only been up for a couple of hours for multiple reasons:
- The network wire was -perhaps briefly- disconnected
- The switch it is connected to was rebooted
- The computer was previously connected to a different network, but then changed to this one
- The network connection itself was disabled then enabled.
- If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.
I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:
- The machine was hibernated and the time it was in that state is not taken into account for the uptime.
- The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.
I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.
The left window is not showing the system uptime but the network connection uptime.
The network may have only been up for a couple of hours for multiple reasons:
- The network wire was -perhaps briefly- disconnected
- The switch it is connected to was rebooted
- The computer was previously connected to a different network, but then changed to this one
- The network connection itself was disabled then enabled.
- If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.
I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:
- The machine was hibernated and the time it was in that state is not taken into account for the uptime.
- The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.
I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.
answered Sep 14 at 13:47
ÁngelÁngel
13.4k3 gold badges20 silver badges47 bronze badges
13.4k3 gold badges20 silver badges47 bronze badges
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
1
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
3
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
1
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
|
show 1 more comment
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
1
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
3
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
1
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
– R1W
Sep 14 at 13:54
1
1
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
– Ángel
Sep 14 at 14:02
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
@ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
– R1W
Sep 14 at 15:49
3
3
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
@R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
– Ferrybig
Sep 14 at 20:07
1
1
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
@R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
– rexkogitans
Sep 14 at 20:26
|
show 1 more comment
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f218030%2fdifference-between-system-uptime-and-last-boot-time-in-windows%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
And why would this cause a workstation not to accept security policies from AV?
– Esa Jokinen
Sep 14 at 13:02
@EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
– R1W
Sep 14 at 13:06
1
The clock is up to date with correct date & time?
– Paolo
Sep 14 at 21:27
@Paolo yes, it is corect.
– R1W
Sep 18 at 5:52