Windows Event Collector (Wecsvc)ID: oval:org.secpod.oval:def:80625 | Date: (C)2022-06-02 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This service manages persistent subscriptions to events from remote sources that support
WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI- enabled event sources. The service stores forwarded events in a local Event Log
In a high security environment, remote connections to secure workstations should be
minimized, and management functions should be done locally.
Default: Manual.
Counter Measure:
The recommended state for this setting is Disabled.
Potential Impact:
If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Windows Event Collector
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc!Start
Platform: |
Microsoft Windows 10 |