After upgrading to 2.2.166.x on PSW, the Windows security logs began filling up with successful audits.
Resolving the problem
Starting with PSW version 2.2.166 and greater, the agent will turn on success and failure object access in the Audit group policy section automatically anytime RIM is enabled. These settings will overwrite any GPO settings. The reason for this is that if you do not have audit settings set, then RIM will seem as though it is not functioning. Keep in mind that in order for auditing to work, you must have the audit policy set, and you must go to each object you want to audit and turn on the audit settings there as well. Just enabling RIM does not necessarily mean you will see new successful audits.
If you have too many objects to go through to shut off successful audits, a patch (version 22.214.171.12443) was created that will disable RIM from enabling the success object access in your audit policy. If you are past version 2843 on your agent, please contact IBM Support and ask them to port the patch over to the version you are currently on.
If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.