McAfee Support Community - Getting Solidcore events not accepted

haaris · ‎01-15-2015

Hi everyone,

We have change control installed on Solaris server & it is configured in enabled mode,we have write protected some path.

We are getting the solidcore events for the path which is write protected but we are also getting the solidcore events which are accepted.For eg.in screenshot we are getting the events for the path starting with /etc though we have not write protected the path.

Do anyone have an idea???

neelima · ‎01-15-2015

Haaris,

Please provide a screenshot of your monitoring policies.

haaris · ‎01-16-2015

Please find the attached policy

haaris · ‎01-16-2015

Also the mentioned solid core events are generating in large amount and very frequently

haaris · ‎01-19-2015

Hi Neelima,

Any update???

neelima · ‎01-21-2015

You should not see events due to these policies. The events are raised due to the monitoring policies.

Please check if the right folders are being monitored in your Integrity monitoring Policy.

haaris · ‎02-02-2015

I have seen my ruleset & found the same thing as mentioned in your screenshot, but content change tracking is disabled for all paths mentioned in Solaris rule group.Then how come events are generated

Getting Solidcore events not accepted

Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted

Re: Getting Solidcore events not accepted