Windows Security logs filling up after upgrading to PSW 2.2.166.x with RIM enabled

Technote (troubleshooting)


Problem(Abstract)

After upgrading to 2.2.166.x on PSW, the Windows security logs began filling up with successful audits.

Resolving the problem

Starting with PSW version 2.2.166 and greater, the agent will  turn on success and failure object access in the Audit group policy section automatically anytime RIM is enabled. These settings will overwrite any GPO settings.   The reason for this is that if you do not have audit settings set, then RIM will seem as though it is not functioning. Keep in mind that in order for auditing to work, you must have the audit policy set, and you must go to each object you want to audit and turn on the audit settings there as well. Just enabling RIM does not necessarily mean you will see new successful audits.

If you have too many objects to go through to shut off successful audits, a patch (version 2.2.166.2843) was created that will disable RIM  from enabling the success object access in your audit policy. If you are past version 2843 on your agent, please contact IBM Support and ask them to port the patch over to the version you are currently on.


If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security Host Protection
Proventia Server

Software version:

2.2.2

Operating system(s):

Windows

Reference #:

1625379

Modified date:

2013-02-14

Translate my page

Machine Translation

Content navigation