Technote (troubleshooting)
Problem(Abstract)
Customers running IBM Host Protection may notice that they are not receiving network-based events, but are receiving OS audit events from the agent.
Resolving the problem
Please verify that the Windows service "Base Filtering Engine" is running correctly. The Host Protection for Windows uses an inline driver that connects to the Base Filtering module. If this service is disabled or not running, then network traffic will bypass the agent's network driver. The agent will continue to function and report audit events, but it will not see network traffic.
If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.