1 Reply Latest reply on Oct 26, 2011 3:36 AM by metalhead

    Security Audit Failures

      I am using ePO 4.6 and AntiVirus 8.8. I have a user account that is a domain user that I use for running scans and updates. The scan is an on-demand scan that runs at computer startup.

       

      My event logs are filling up with the following:

       

      A handle to an object was requested.

       

      Subject:

          Security ID:        S-1-5-21-3004429998-863412354-1270139419-3244

          Account Name:        UpdateAccount

          Account Domain:        testDomain

          Logon ID:        0x1e2ad

       

      Object:

          Object Server:        Security

          Object Type:        File

          Object Name:        C:\Windows\winsxs\amd64_microsoft-windows-ehome-font_31bf3856ad364e35_6.1.7600. 16385_none_2ad6e90ee30ff985\segmcsb.ttf

          Handle ID:        0x0

       

      Process Information:

          Process ID:        0x884

          Process Name:        C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scan64.exe

       

      Access Request Information:

          Transaction ID:        {00000000-0000-0000-0000-000000000000}

          Accesses:        SYNCHRONIZE

                      ReadAttributes

                      WriteAttributes

       

          Access Reasons:        SYNCHRONIZE:    Granted by    D:(A;;0x1200a9;;;BU)

                      ReadAttributes:    Granted by ACE on parent folder    D:(A;OICI;0x1200a9;;;BU)

                      WriteAttributes:    Not granted

       

          Access Mask:        0x100180

          Privileges Used for Access Check:    -

          Restricted SID Count:    0

       

       

      Is there anyway to stop this without disabling auditing? I see 30 of these a second