Perusing https://kc.mcafee.com/corporate/index?page=content&id=KB74847&actp=LIST to prepare for some collector agent and installs, and one bit of pre-req caught my eye:
SIEM Collector and MSI prerequisite requirements on Windows systems
Q: Is this something that only needs to be done during installation, or do we seriously have the dreaded "security control requires neutering one of the better OS level improvements to security Microsoft made in 2008R2 and Win7" as an operational requirement as well?
Thanks for any insight or advice on this front. I'm migrating to collectors for this task to get rid of having an unrestricted administrator account polling WMI remotely and having to disable OS level security controls to do security monitoring makes me weep.