Why doesn't the Security Real Time Detect Rogue Processes script terminate the specified process? (NETIQKB1483)

  • 7701483
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

fact
Operations Manager 3.22

fact
Operations Manager 3.22 SP1

fact
Operations Manager 3.30

fix
The Security Real Time Detect Rogue Processes script can detect and kill rogue processes in real time. The script runs in response to Security event 592, which indicates that a new process has been created. These events are collected only if security auditing is enabled, so without auditing the script is never triggered. You can use Microsoft Security Configuration Manager to enable security auditing throughout your enterprise. To resolve this issue, verify that auditing is turned on:

For Windows NT 4.0 machines, the "Process tracking" option in the Audit Policy must be set to collect success events.

For Windows 2000, the "Audit detailed tracking" option in the Local Security Policy\Audit Policy must be set to collect success events.
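One way to verify the setting offline, as an added example that is not part of the original article or of Operations Manager: it assumes the machine's policy has been exported as a security template (for example with `secedit /export /cfg`) and reads the `AuditProcessTracking` value from the `[Event Audit]` section, where 0 is no auditing, 1 success, 2 failure, and 3 both. The sample template and the function names are constructed for illustration.

```python
import configparser

AUDIT_SUCCESS = 0x1  # bit set when success events are audited

# Constructed sample export: process tracking audits failures only (value 2),
# so event 592 (a success event) would never be logged on this machine.
SAMPLE_TEMPLATE = """[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditProcessTracking = 2
[Version]
signature="$CHICAGO$"
Revision=1
"""


def decode_template(raw):
    """Decode exported template bytes; secedit normally writes UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


def process_tracking_value(template_text):
    """Return AuditProcessTracking as an int, or None if the template omits it."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",)
    )
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(template_text.lstrip("\ufeff"))
    raw = parser.get("Event Audit", "AuditProcessTracking", fallback=None)
    return int(raw) if raw is not None and raw.strip().isdigit() else None


def success_events_collected(template_text):
    """True only when the success bit is set (values 1 and 3)."""
    value = process_tracking_value(template_text)
    return value is not None and bool(value & AUDIT_SUCCESS)


if __name__ == "__main__":
    state = "ON" if success_events_collected(SAMPLE_TEMPLATE) else "OFF"
    print("Process tracking success auditing:", state)
```

A failure-only setting (value 2) is reported as off, because the script depends on success events.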



Additional Information

Formerly known as NETIQKB1483