#1
F-Prot triggers huge amounts of Security Audit Failures on Windows XP
Hello,
I have F-prot version 6 (Anti-Virus) loaded on several Windows XP systems in our lab. The Windows XP systems have been configured for security auditing (per NISPOM Ch. 8 requirement). Using event viewer to look at the security logs, I'm seeing 8500+ security messages for two days worth of usage, of which 94% of them read exactly like the printout below.

I'm not sure, but it seems like FPAVserv (f-prot process) might be running with the user's rights and not running as a system service.

Any thoughts on how I can fix this?

Thanks,
Rob Ramsey
Colorado

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 2/7/2008
Time: 10:37:39 PM
User: STK-NODE\dave
Computer: STK-NODE
Description:
Object Open:
    Object Server: SC Manager
    Object Type: SERVICE OBJECT
    Object Name: FPAVServer
    Handle ID: -
    Operation ID: {0,2766732}
    Process ID: 740
    Image File Name: C:\WINDOWS\system32\services.exe
    Primary User Name: STK-NODE$
    Primary Domain: WORKGROUP
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: dave
    Client Domain: STK-NODE
    Client Logon ID: (0x0,0x281EF9)
    Accesses: Query status of service
              Start the service
    Privileges: -
    Restricted Sid Count: 0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

8760 messages of event type 560 out of 8855 events
6 Feb 2008 11:24:40PM - 8 Feb 2008 3:16:52PM
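The following is an added example, not part of the original post and not F-Prot or Microsoft tooling: it parses Event ID 560 records in the text form quoted in the post and tallies the failure audits by object server, object name, client account and requested accesses, which shows whether one service object and one account produce the bulk of the log. The function names are hypothetical, and the sample text is constructed from the fields in the post plus one invented logon event.

```python
import re
from collections import Counter

# Field labels of an XP Event ID 560 record, as printed in the post.
LABELS = ("Event Type;Event Source;Event Category;Event ID;Date;Time;User;"
          "Computer;Description;Object Open;Object Server;Object Type;"
          "Object Name;Handle ID;Operation ID;Process ID;Image File Name;"
          "Primary User Name;Primary Domain;Primary Logon ID;"
          "Client User Name;Client Domain;Client Logon ID;Accesses;"
          "Privileges;Restricted Sid Count").split(";")
LABEL_RE = re.compile(r"\b(" + "|".join(
    sorted(map(re.escape, LABELS), key=len, reverse=True)) + r"):")

def parse_records(text):
    """Split log text into {label: value} dicts; layout may be flat or wrapped."""
    records = []
    for chunk in re.split(r"(?=\bEvent Type:)", text):
        hits = list(LABEL_RE.finditer(chunk))
        rec = {}
        for cur, nxt in zip(hits, hits[1:] + [None]):
            end = nxt.start() if nxt else len(chunk)
            rec[cur.group(1)] = " ".join(chunk[cur.end():end].split())
        if "Event ID" in rec:
            records.append(rec)
    return records

def summarize_560_failures(text):
    """Count failed object opens per (server, object, client, accesses)."""
    tally = Counter()
    for rec in parse_records(text):
        if (rec.get("Event ID"), rec.get("Event Type")) != ("560", "Failure Audit"):
            continue
        client = rec.get("Client Domain", "?") + "\\" + rec.get("Client User Name", "?")
        tally[(rec.get("Object Server"), rec.get("Object Name"),
               client, rec.get("Accesses"))] += 1
    return tally

# Constructed sample: the post's record flattened, the same record wrapped
# and abbreviated, and one invented logon event that must be ignored.
SAMPLE = r"""Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 2/7/2008 Time: 10:37:39 PM User: STK-NODE\dave Computer: STK-NODE Description: Object Open: Object Server: SC Manager Object Type: SERVICE OBJECT Object Name: FPAVServer Handle ID: - Client User Name: dave Client Domain: STK-NODE Accesses: Query status of service Start the service Privileges: - Restricted Sid Count: 0
Event Type: Failure Audit
Event ID: 560
Object Server: SC Manager
Object Name: FPAVServer
Client User Name: dave
Client Domain: STK-NODE
Accesses: Query status of service
          Start the service
Privileges: -
Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 528 Date: 2/7/2008 Time: 10:30:02 PM User: STK-NODE\dave Computer: STK-NODE"""

if __name__ == "__main__":
    for key, count in summarize_560_failures(SAMPLE).most_common():
        print(count, *key, sep=" | ")
```
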
#2
From: "Rob"

| Hello,
|
| I have F-prot version 6 (Anti-Virus) loaded on several Windows XP
| systems in our lab. The Windows XP systems have been configured for
| security auditing (per NISPOM Ch. 8 requirement). Using event viewer
| to look at the security logs, I'm seeing 8500+ security messages for
| two days worth of usage, of which 94% of them read exactly like the
| printout below.
|
| I'm not sure, but it seems like FPAVserv (f-prot process) might be
| running with the user's rights and not running as a system service.
|
| Any thoughts on how I can fix this?
|
| Thanks,
| snip

Interesting. If you have to follow "NISPOM Ch. 8 requirement", you can't use F-Prot. It is an unapproved anti virus solution. The requirements are only for the DISA approved anti virus solutions under the DISA DoD wide license which include only: Trend Micro, Symantec and McAfee.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#3
On Mar 19, 2:06 pm, "David H. Lipman" wrote:
> From: "Rob"
>
> | Hello,
> |
> | I have F-prot version 6 (Anti-Virus) loaded on several Windows XP
> | systems in our lab. The Windows XP systems have been configured for
> | security auditing (per NISPOM Ch. 8 requirement). Using event viewer
> | to look at the security logs, I'm seeing 8500+ security messages for
> | two days worth of usage, of which 94% of them read exactly like the
> | printout below.
> |
> | I'm not sure, but it seems like FPAVserv (f-prot process) might be
> | running with the user's rights and not running as a system service.
> |
> | Any thoughts on how I can fix this?
> |
> | Thanks,
> | snip
>
> Interesting. If you have to follow "NISPOM Ch. 8 requirement", you can't use F-Prot. It is an unapproved anti virus solution. The requirements are only for the DISA approved anti virus solutions under the DISA DoD wide license which include only: Trend Micro, Symantec and McAfee.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Hello Dave,

Contractors are governed by DSS. Their regulation reads:

DoD 5220.22-M, February 28, 2006

8-305. Malicious Code. Policies and procedures to detect and deter incidents caused by malicious code, such as viruses or unauthorized modification to software, shall be implemented. All files must be checked for viruses before being introduced on an IS and checked for other malicious code as feasible. The use of personal or public domain software is strongly discouraged. Each installation of such software must be approved by the ISSM.

I have F-Prot listed in my protection profile and I have an ATO letter in-hand. I haven't read anything on DSS's website stating that a particular piece of anti-virus software has to be used; at least not for our classification level.

Not that any of that matters anyway. Any thoughts on the message I posted?

Thanks,

Rob
#4
Rob wrote:
From: "Rob"

| Hello,
|
| I have F-prot version 6 (Anti-Virus) loaded on several Windows XP
| systems in our lab. The Windows XP systems have been configured for
| security auditing (per NISPOM Ch. 8 requirement). Using event viewer
| to look at the security logs, I'm seeing 8500+ security messages for
| two days worth of usage, of which 94% of them read exactly like the
| printout below.
|
| I'm not sure, but it seems like FPAVserv (f-prot process) might be
| running with the user's rights and not running as a system service.
|
| Any thoughts on how I can fix this?

Contact F-Prot tech support. Although they may take a day or so to answer (time difference between US and Iceland), my experience with them is that they are very responsive.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
#5
From: "Rob"

|
| Hello Dave,
|
| Contractors are governed by DSS. Their regulation reads:
|
| DoD 5220.22-M, February 28, 2006
|
| 8-305. Malicious Code. Policies and procedures to detect and deter
| incidents caused by malicious code, such as viruses or unauthorized
| modification to software, shall be implemented. All files must be
| checked for viruses before being introduced on an IS and checked for
| other malicious code as feasible. The use of personal or public domain
| software is strongly discouraged. Each installation of such software
| must be approved by the ISSM.
|
| I have F-Prot listed in my protection profile and I have an ATO letter
| in-hand. I haven't read anything on DSS's website stating that a
| particular piece of anti-virus software has to be used; at least not
| for our classification level.
|
| Not that any of that matters anyway. Any thoughts on the message I
| posted?
|
| Thanks,
|
| Rob

Contractors are not covered under the DISA DoD wide anti virus contract. Therefore F-Prot fits the bill.

I'll find out what I can about what you originally posted through my contacts.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp