[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit Policy: Audit process tracking

ID: oval:org.secpod.oval:def:14744Date: (C)2013-08-13   (M)2017-10-26
Class: COMPLIANCEFamily: windows




This security setting determines whether the OS audits process-related events such as process creation, process termination, handle duplication, and indirect object access. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures). If Success auditing is enabled, an audit entry is generated each time the OS performs one of these process-related activities. If Failure auditing is enabled, an audit entry is generated each time the OS fails to perform one of these activities. Default: No auditing Important: For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node. For more information about Advanced Audit Policy Configuration, see http://go.microsoft.com/fwlink/?LinkId=140969. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit process tracking (2) REG: INFO NOT AVAILABLE

Platform:
Microsoft Windows 7
Reference:
CCE-9347-6
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9347-6
XCCDF    7
xccdf_nist_benchmark_Windows_7
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7
xccdf_org.secpod_benchmark_general_Windows_7
...

© 2013 SecPod Technologies