Bsrgvty

Suppose I capture encrypted data that I want to decrypt. Could I use a server farm to decrypt?

Why are Trump's handwritten notes being focused on in the news?

"the whole shabang" vs "the whole shebang"

Why does the Eurofighter Typhoon pitch up on brake release?

How can you weaponize a thermos?

Big equation writing in LaTeX

Displaying a Sudoku Board

How to assemble PCBs when SMT machine doesn't have enough feeders?

What is a polite way to clarify my gender in phone calls?

I might blow up!

Why don't electrical receptacles have more than one ground?

How to tell that this is a draw

Does a meditation count as resting for the purposes of gaining the other benefits of a short rest?

'Cannis' - Term used in seventeenth-century clothes manufacture

Why 401k contribution as % of salary vs. fixed amount per pay check?

Where to stand for this winter view in Grindelwald, Switzerland?

Can Teflon thread tape be reused?

What is a flight ticket coupon?

Is Fox News not classified as a news channel?

Game company goes bankrupt, another company wants to make a sequel how?

Large products with glass doors

Algorithmic thinking problems

Threatening to discontinue a service for a client

Does USB version speed matter for input devices?

Difference between system uptime and last boot time in windows

Battling Malware without spending moneyDo I have a virus on my hosted site?What is the difference between antivirus and firewallsDifference between antivirus and sandbox?Hidden network continually connecting that I cannot disconnectStrange and unknown user name on Windows 10How to prevent Firefox and Chrome from opening ports in the firewall?How to sandbox students' Python 3 code submissions for automatic assignment evaluation on Windows 10?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;

1

2

As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.

Because of this problem, these workstations do not accept security policy from AV.

1. what is the reason?




2. How can I solve it?

antivirus windows-10 time

share|improve this question

edited Sep 14 at 13:03

R1W

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  And why would this cause a workstation not to accept security policies from AV?
  
  – Esa Jokinen
  Sep 14 at 13:02
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
  
  – R1W
  Sep 14 at 13:06
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The clock is up to date with correct date & time?
  
  – Paolo
  Sep 14 at 21:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Paolo yes, it is corect.
  
  – R1W
  Sep 18 at 5:52
  

  
  
  
  

add a comment
 | 

1

2

As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.

Because of this problem, these workstations do not accept security policy from AV.

1. what is the reason?




2. How can I solve it?

antivirus windows-10 time

share|improve this question

edited Sep 14 at 13:03

R1W

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  And why would this cause a workstation not to accept security policies from AV?
  
  – Esa Jokinen
  Sep 14 at 13:02
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @EsaJokinen good question, i did contact the AV's support section and they told me, it is the reason.
  
  – R1W
  Sep 14 at 13:06
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The clock is up to date with correct date & time?
  
  – Paolo
  Sep 14 at 21:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Paolo yes, it is corect.
  
  – R1W
  Sep 18 at 5:52
  

  
  
  
  

add a comment
 | 

As it shows in attached pictures, there is a "Difference between system uptime and last boot time" in my windows, it becomes an issue because AV, SIEM or every monitoring system shows a different time between system and boot.

Because of this problem, these workstations do not accept security policy from AV.

1. what is the reason?




2. How can I solve it?

antivirus windows-10 time

share|improve this question

edited Sep 14 at 13:03

R1W

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

share|improve this question

edited Sep 14 at 13:03

R1W

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

share|improve this question

edited Sep 14 at 13:03

R1W

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

asked Sep 14 at 10:06

R1WR1W

1,39833 gold badges99 silver badges2828 bronze badges

1 Answer
1

active

oldest

votes

7

The left window is not showing the system uptime but the network connection uptime.

The network may have only been up for a couple of hours for multiple reasons:

• The network wire was -perhaps briefly- disconnected


• The switch it is connected to was rebooted


• The computer was previously connected to a different network, but then changed to this one


• The network connection itself was disabled then enabled.


• If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.

I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:

• The machine was hibernated and the time it was in that state is not taken into account for the uptime.


• The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.

I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.

share|improve this answer

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
  
  – R1W
  Sep 14 at 13:54
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
  
  – Ángel
  Sep 14 at 14:02
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
  
  – R1W
  Sep 14 at 15:49
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
  
  – Ferrybig
  Sep 14 at 20:07
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
  
  – rexkogitans
  Sep 14 at 20:26
  
  

  
  
  
  

 | 
show 1 more comment

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f218030%2fdifference-between-system-uptime-and-last-boot-time-in-windows%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

7

The left window is not showing the system uptime but the network connection uptime.

The network may have only been up for a couple of hours for multiple reasons:

• The network wire was -perhaps briefly- disconnected


• The switch it is connected to was rebooted


• The computer was previously connected to a different network, but then changed to this one


• The network connection itself was disabled then enabled.


• If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.

I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:

• The machine was hibernated and the time it was in that state is not taken into account for the uptime.


• The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.

I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.

share|improve this answer

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
  
  – R1W
  Sep 14 at 13:54
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
  
  – Ángel
  Sep 14 at 14:02
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
  
  – R1W
  Sep 14 at 15:49
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
  
  – Ferrybig
  Sep 14 at 20:07
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
  
  – rexkogitans
  Sep 14 at 20:26
  
  

  
  
  
  

 | 
show 1 more comment

7

The left window is not showing the system uptime but the network connection uptime.

The network may have only been up for a couple of hours for multiple reasons:

• The network wire was -perhaps briefly- disconnected


• The switch it is connected to was rebooted


• The computer was previously connected to a different network, but then changed to this one


• The network connection itself was disabled then enabled.


• If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.

I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:

• The machine was hibernated and the time it was in that state is not taken into account for the uptime.


• The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.

I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.

share|improve this answer

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you for your answer, I have to mention that I did reboot those machines but after booting again, the result of "system uptime" was the same as before again.
  
  – R1W
  Sep 14 at 13:54
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The "system uptime" was larger than the time it had been up? If it's a remote tool that is periodically checking if the machine is up, it may not detect that it was disconnected for a short time, but I don't think it would make sense for the system itself to report that.
  
  – Ángel
  Sep 14 at 14:02
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ Ángel The answer to the first question is "yes" and also it is a remote tool that showed us that the "system uptime and the network connection uptime" have different result, it is possible that it may not be detected that machine is rebooted but as you mentioned it does not make sense different times on itself.
  
  – R1W
  Sep 14 at 15:49
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  @R1W Unless you use the reboot option in the shutdown options menu, windows defaults a "low level hibernation", in which the uptime does not reset. This makes windows 10 boot faster
  
  – Ferrybig
  Sep 14 at 20:07
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @R1W Chosing "Shut down" does - by default - not really shut down the machine on WIndows. You have to hold the SHIFT key while clicking "Shut down".
  
  – rexkogitans
  Sep 14 at 20:26
  
  

  
  
  
  

 | 
show 1 more comment

The left window is not showing the system uptime but the network connection uptime.

The network may have only been up for a couple of hours for multiple reasons:

• The network wire was -perhaps briefly- disconnected


• The switch it is connected to was rebooted


• The computer was previously connected to a different network, but then changed to this one


• The network connection itself was disabled then enabled.


• If it's just slightly different, it's normal that the boot time will have happened a bit before the computer booted, loaded the OS and actually connected to the network.

I can imagine a several scenarios where the reported system uptime is different than Now - Boot time for a machine, though:

• The machine was hibernated and the time it was in that state is not taken into account for the uptime.


• The system clock changed after boot, so the boot time might even be dated years ago (whatever the BIOS clock default is) but the System time itself was corrected shortly after boot-up through NTP.

I understand the discrepancy to show in SIEM / AV dashboards. However, I don't see that as a reason to not accept security policy from AV. If the AV refuses to apply a security policy because it considers that they don't match -as seems implied by their support reply-, perhaps it is buggy.

share|improve this answer

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges

share|improve this answer

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges

answered Sep 14 at 13:47

ÁngelÁngel

13.4k33 gold badges2020 silver badges4747 bronze badges