Eliminate Windows Firewall Chatter (Noise) from the Security Log
Fri, 08 Jul 2011 07:03:55 GMT
Vista, Windows 7 and Windows Server 2008 generate a lot of events regarding the Windows Firewall, and for most of us in most scenarios this is at best chatter, if not downright noise. Here's how to get rid of it.
You need to disable all of the audit subcategories that reference Filtering Platform or MPSSVC, as well as the "Other Policy Change Events" and "Other System Events" subcategories. That's:
That's what I do in my Recommended Audit Baseline. If you are on Windows Server 2008 R2 you can use group policy instead of the auditpol command; look for the Advanced Audit Policy folder at the bottom of Security Settings.
Don't forget to enable this policy before you start configuring subcategories.
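One way to script the step described above, as an added example that is not the author's own command list: it reads the current policy with `auditpol /get /category:* /r`, picks the subcategories the post names, disables them and re-reads the policy to confirm. It assumes an elevated PowerShell 2.0+ prompt and English subcategory names; the function and variable names are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumption: English-language Windows, so subcategory names match the post's wording.
$namePattern = 'Filtering Platform|MPSSVC'
$extraNames  = 'Other Policy Change Events', 'Other System Events'

function Get-AuditSubcategory {
    # /r prints CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting
    auditpol /get /category:* /r |
        Where-Object { $_ -and $_.Trim() } |      # drop blank lines in the report
        ConvertFrom-Csv
}

function Select-FirewallNoise($rows) {
    $rows | Where-Object {
        $_.Subcategory -match $namePattern -or $extraNames -contains $_.Subcategory
    }
}

$targets = @(Select-FirewallNoise (Get-AuditSubcategory))
if ($targets.Count -eq 0) {
    throw 'No matching subcategories found (localized names, or not elevated?)'
}

foreach ($t in $targets) {
    # Address the subcategory by GUID so spaces in the name need no quoting
    auditpol /set "/subcategory:$($t.'Subcategory GUID')" /success:disable /failure:disable |
        Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "auditpol failed for '$($t.Subcategory)' (exit $LASTEXITCODE)"
    }
}

# Re-read the effective policy and report anything that is still being audited
$remaining = @(Select-FirewallNoise (Get-AuditSubcategory) |
    Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' })

if ($remaining.Count -gt 0) {
    $remaining | Format-Table Subcategory, 'Inclusion Setting' -AutoSize
    Write-Warning 'Some subcategories are still enabled; a group policy may be overriding local settings.'
} else {
    "Disabled $($targets.Count) subcategories:"
    $targets | ForEach-Object { "  $($_.Subcategory)" }
}
```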