cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
haaris
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 7
‎01-15-2015 09:54 AM

Getting Solidcore events not accepted

Hi everyone,

We have change control installed on Solaris server & it is configured in enabled mode,we have write protected some path.

We are getting the solidcore events for the path which is write protected but we are also getting the solidcore events which are accepted.For eg.in screenshot we are getting the events for the path starting with  /etc though we have not write protected the path.

Events.jpg

Do anyone have an idea???

0 Kudos
Reply
6 Replies
neelima
Level 12
Report Inappropriate Content
Message 2 of 7
‎01-15-2015 10:18 AM

Re: Getting Solidcore events not accepted

Haaris,

Please provide a screenshot of your monitoring policies.

0 Kudos
Reply
haaris
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 7
‎01-16-2015 05:48 AM

Re: Getting Solidcore events not accepted

_20150116_185152.JPGPlease find the attached policy

0 Kudos
Reply
haaris
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 7
‎01-16-2015 05:51 AM

Re: Getting Solidcore events not accepted

Also the mentioned solid core events are generating in large amount and very frequently

0 Kudos
Reply
haaris
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 7
‎01-19-2015 08:29 AM

Re: Getting Solidcore events not accepted

Hi Neelima,

Any update???

0 Kudos
Reply
neelima
Level 12
Report Inappropriate Content
Message 6 of 7
‎01-21-2015 12:38 PM

Re: Getting Solidcore events not accepted

You should not see events due to these policies. The events are raised due to the monitoring policies.

Please check if the right folders are being monitored in your Integrity monitoring Policy.2.jpg

0 Kudos
Reply
haaris
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 7
‎02-02-2015 03:14 AM

Re: Getting Solidcore events not accepted

I have seen my ruleset & found the same thing as mentioned in your screenshot, but content change tracking is disabled for all paths mentioned in Solaris rule group.Then how come events are generated

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC