Jump to content

Jason Beattie

Members
  • Content Count

    5
  • Joined

  • Last visited

About Jason Beattie

  • Rank
    Candidate

Recent Profile Visitors

201 profile views
  1. Yes so this is the full audit information Process Information: Process ID: 0xa08 Process Name: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security for Windows Server\kavfswp.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by D:(A;ID;0x1200a9;;;WD) SYNCHRONIZE: Granted by D:(A;ID;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;ID;0x1200a9;;;WD) ReadEA: Granted by D:(A;ID;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;ID;0x1200a9;;;WD) WriteAttributes: Granted by D:(A;ID;FA;;;BA) Access Mask: 0x120189 Privileges Used for Access Check: - Restricted SID Count: 0 Our company audits all read and rights on files (Needed for security reasons) Previously we didn't have any real time file protection running since we have enabled this, the audit logs are approx 10gb a day. Im guessing the only to stop this is by turning off the real time file protection but i wanted to check with you guys to see if there is a way not to audit against kavfswp.exe
  2. Hi We recently upgraded our file server to kaspersky server 10.1 Since doing this our security audit logs have been filling up daily due to the kavfswp.exe process reading and writing files. Is there any way of stopping this?
  3. Hi Guys We are constantly getting the following notification through on both DC controllers: Event Suspicious network activity detected happened on ****(Kaspersky AV Server ) in the domain **** on 12 March 2019 10:37:38 (GMT+00:00) Event type: Suspicious network activity detected Application\Name: Kaspersky Endpoint Security for Windows User: NT AUTHORITY\SYSTEM Component: Protection Object: *** (Domain Controller) Object\Name: *** (Domain Controller) Reason: The number of login attempts by the user ***\***$ exceeded 30 for 2 minutes during the period from 12/03/2019 10:22:37 to 12/03/2019 10:37:37. Any help solving this would be greatly appreciated
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.