System: Audit System Integrity
|ID: oval:gov.nist.usgcb.windowsseven:def:204||Date: (C)2012-04-13 (M)2018-02-19|
|Class: COMPLIANCE||Family: windows|
This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:
Events that could not be written to the event log because of a problem with the auditing system.
A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
The detection of a Remote Procedure Call (RPC) that compromises system integrity.
The detection of a hash value of an executable file that is not valid as determined by Code Integrity.
Cryptographic operations that compromise system integrity.
Default: Success, Failure.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit System Integrity
(2) REG: INFO NOT AVAILABLE
|Microsoft Windows 7|