Well, to be honest, by far the best way to prevent those log events is to prevent the event from occurring at all!
You see, you only allow severe events to be added to your Windows event log. The reason why this specific event is added to your event log, therefore, is because it's... guess what... severe! You are about to ignore all severe events, which I reckon is a bad thing to do: you would miss virus detections or failed updates as well. Better is to find out why the event is triggered and solve the source of it (best option), OR either create a correct exception in your application rule (second best option) or disable that specific application rule completely (third best).
While I completely agree with most of what you wrote here, I must add that, in my opinion, the alerting feature is only a complementary solution to get informed about events in a centrally managed environment (although a good one). This feature was developed before central management and event collection, and as such rightly contained the function of using the local event logs.
In my opinion, with central management and event collection, sending alerts to the event logs might have less and less importance, especially in light of the fact that there is a separate Access Protection log on each client as well.
Now we'd have three different logging destinations for the same event, and considering that Access Protection seems to be quite productive at times, I'd say that alerting to the event log is really an option for the kind of users who want to ensure nothing avoids their attention.
Is there a way to further fine-tune which (e.g. severe) events would get into the event log for a particular alerting source? I guess there isn't.
Message was edited by: Attila Polinger on 9/29/10 7:46:24 AM CEST