Policy Change: Audit MPSSVC Rule-Level Policy ChangeID: oval:org.secpod.oval:def:14713 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following:
Reporting of active policies when Windows Firewall service starts.
Changes to Windows Firewall rules.
Changes to Windows Firewall exception list.
Changes to Windows Firewall settings.
Rules ignored or not applied by Windows Firewall Service.
Changes to Windows Firewall Group Policy settings.
If you configure this policy setting, an audit event is generated by attempts to change policy rules used by the MPSSVC. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated by changes in policy rules used by the MPSSVC.
Volume: Low.
Default: No Auditing.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit MPSSVC Rule-Level Policy Change
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |