Operations Manager 3.22
Operations Manager 3.22 SP1
Operations Manager 3.30
The Security Real Time Detect Rogue Processes script can detect and kill rogue processes in real time. The script is run in response to Security event 592, which indicates that a new process has been created. These events will only be collected if security auditing is enabled. Using Microsoft Security Configuration Manager, security auditing can be enabled throughout your enterprise. To resolve this issue, verify that auditing is turned on:
For Windows NT 4.0 machines, the "Process tracking" option in the Audit Policy must be set to collect success events.
For Windows 2000, the "Audit detailed tracking" option in the Local Security Policy\Audit Policy must be set to collect success events.