Audit Policy: Policy Change: Filtering Platform Policy Change (Failure)ID: oval:org.secpod.oval:def:19005 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Policy Change: Filtering Platform Policy Change events on failure should be enabled or disabled as appropriate.
Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions. Windows Filtering Platform (WFP) enables independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs). This security policy setting determines whether the operating system generates audit events for: * IPsec services status. * Changes to IPsec settings. * Status and changes to the Windows Filtering Platform engine and providers. * IPsec Policy Agent service activities.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |