Hi Andrey,
That's an interesting event, the EnterpriseVault virtual directory should not be set to allow anonymous access as it uses IWA to restrict access to the web application.
Has that been turned on at some point by mistake? (Right click the Virtual Directory, choose properties, choose the Directory Security tab, click Edit under Authentication and Access Control)
What version of Windows, IIS and Enterprise Vault are you using?
You could also try matching up the time of the event log entry with the corresponding IIS log entry to see which user(s) are causing this event.
Cheers,
Ian