1 Reply Latest reply on Mar 15, 2010 2:56 PM by bgable

    Attack Event Log Guest Access Enabled detected from NT Authority

      I found some problem about Host IPS, You can see the attached images.

      We found this attack every clients, Who can explain this attack I don't know how I fix this ploblem.

      status02.jpgstatus01.jpg

       

      please suggest to solve this.

        • 1. Re: Attack Event Log Guest Access Enabled detected from NT Authority

          Reviewing old posts:

           

          Signature 915 - Event log guest access enabled.

          This event indicates an attempt to enable Guest access to one of the Windows NT Event Logs. The following three registry keys are located under the EventLog registry key: Application, Security, and System. These keys are found on every Windows system, and each key contains its own log settings. There may be additional keys such as Directory Service Log, DNS Service Log, and others.
          Each of these keys contains a RestrictGuestAccess value that controls whether a Guest user has access to Event Log information. Allowing Guest access to the Event Log files typically eases the access restrictions on these files, and indicates an attempt to cover an attacker's tracks.