CCE-33424-3
Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Back up log automatically when full
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the 'Retain old events' policy setting is enabled.
If you enable this policy setting and the 'Retain old events' policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
If you disable this policy setting and the 'Retain old events' policy setting is enabled, new events are discarded and old events are retained.
If you do not configure this policy setting and the 'Retain old events' policy setting is enabled, new events are discarded and the old events are retained.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System!Back up log automatically when full
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System!AutoBackupLogFiles
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 5.3 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
 | Confidentiality: LOW |
 | Integrity: LOW |
 | Availability: LOW |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:28872 |