F-Prot triggers huge amounts of Security Audit Failures on Windows XP
- From: Rob <ramseyrt@xxxxxxxxx>
- Date: Wed, 19 Mar 2008 12:30:44 -0700 (PDT)
Hello,
I have F-prot version 6 (Anti-Virus) loaded on several Windows XP
systems in our lab. The Windows XP systems have been configured for
security auditing (per NISPOM Ch. 8 requirement). Using event viewer
to look at the security logs, I'm seeing 8500+ security messages for
two days worth of usage, of which 94% of them read exactly like the
printout below.
I'm not sure, but it seems like FPAVserv (f-prot process) might
running with the user's rights and not running as a system service.
Any thoughts on how I can fix this?
Thanks,
Rob Ramsey
Colorado
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 2/7/2008
Time: 10:37:39 PM
User: STK-NODE\dave
Computer: STK-NODE
Description:
Object Open:
Object Server: SC Manager
Object Type: SERVICE OBJECT
Object Name: FPAVServer
Handle ID: -
Operation ID: {0,2766732}
Process ID: 740
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: STK-NODE$
Primary Domain: WORKGROUP
Primary Logon ID: (0x0,0x3E7)
Client User Name: dave
Client Domain: STK-NODE
Client Logon ID: (0x0,0x281EF9)
Accesses: Query status of service
Start the service
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
8760 messages of event type 560 out of 8855 events
6 Feb 2008 11:24:40PM - 8 Feb 2008 3:16:52PM
.
- Follow-Ups:
- Re: F-Prot triggers huge amounts of Security Audit Failures on Windows XP
- From: David H. Lipman
- Re: F-Prot triggers huge amounts of Security Audit Failures on Windows XP
- Prev by Date: Re: reset local admin password globally
- Next by Date: RE: Mapped network drive asks "Open With"?
- Previous by thread: reset local admin password globally
- Next by thread: Re: F-Prot triggers huge amounts of Security Audit Failures on Windows XP
- Index(es):
Relevant Pages
|
|
