Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all articles
Browse latest Browse all 10484

GPO Permissions and Auditing on \ProgramData\Symantec

$
0
0
I need a solution

I'm experiancing a problem on my v.6.x windows kernel based systems (Windows 7 an Windows 2008R2) where excessive security logs are being generated.

I've configured the following:

Symantec Endpoint Protection 12 installed

Windows 2003 Active Directory Domain

Group Policy configured to set "failed audit attempts" on %AllUsersProfile%\Symantec

Windows Auditing configured to log changes to audit policy

Problem:

It appears that the File System security settings defined in the GPO are being continually reapplied files and folders in the C:\ProgramData\Symantec folder structure.

The log message is Event ID 4907: "Audit Settings on Object Have Changed"

This is not being logged on Windows 2003 Server and Windows XP systems.

For no more than 10 systems, I'm getting over 250 of these notifications in a week for each file and folder in the ProgramData\Symantec directory tree.  The Symantec root folder itself is getting over 1000 entries.

I've got the same audit policy set for several other directory structures in C:\Windows and C:\Program Files that are not behaving this way.

Any ideas?

-Dan


Viewing all articles
Browse latest Browse all 10484

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>