Jason Beattie

After upgrading our servers to Kaspersky Server 10.1 - Microsoft Windows security auditing logs are filling up

Hi

We recently upgraded our file server to Kaspersky Server 10.1.

Since doing this, our security audit logs have been filling up daily due to the kavfswp.exe process reading and writing files.

Is there any way of stopping this?

Capture.JPG


Hello,

On the screenshot I can see only part of the Audit information - "ReadData (or ListDirectory)". So kavfswp.exe is reading some data from some folder? And this is being audited according to your Audit set up.


Yes, so this is the full audit information:

Process Information:
    Process ID:        0xa08
    Process Name:        C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security for Windows Server\kavfswp.exe

Access Request Information:
    Transaction ID:        {00000000-0000-0000-0000-000000000000}
    Accesses:        READ_CONTROL
                SYNCHRONIZE
                ReadData (or ListDirectory)
                ReadEA
                ReadAttributes
                WriteAttributes
                
    Access Reasons:        READ_CONTROL:    Granted by    D:(A;ID;0x1200a9;;;WD)
                SYNCHRONIZE:    Granted by    D:(A;ID;0x1200a9;;;WD)
                ReadData (or ListDirectory):    Granted by    D:(A;ID;0x1200a9;;;WD)
                ReadEA:    Granted by    D:(A;ID;0x1200a9;;;WD)
                ReadAttributes:    Granted by    D:(A;ID;0x1200a9;;;WD)
                WriteAttributes:    Granted by    D:(A;ID;FA;;;BA)
                
    Access Mask:        0x120189
    Privileges Used for Access Check:    -
    Restricted SID Count:    0

Our company audits all reads and writes on files (needed for security reasons). Previously we didn't have any real-time file protection running; since we enabled this, the audit logs are approx. 10 GB a day. I'm guessing the only way to stop this is by turning off the real-time file protection, but I wanted to check with you guys to see if there is a way not to audit against kavfswp.exe.

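The access mask and the "Granted by" SDDL strings in the audit record above can be decoded mechanically. The following is an added example, not code from the thread's participants or from Kaspersky: it decodes `0x120189` and checks that each ACE really contains the right the record attributes to it. The bit values and SDDL aliases are the standard Windows file-rights constants; the function names are illustrative.

```python
import re

# File access-right bits (winnt.h); names follow the audit record where the page shows them.
RIGHTS = {
    0x1: "ReadData (or ListDirectory)", 0x2: "WriteData (or AddFile)",
    0x4: "AppendData (or AddSubdirectory)", 0x8: "ReadEA", 0x10: "WriteEA",
    0x20: "Execute/Traverse", 0x40: "DeleteChild", 0x80: "ReadAttributes",
    0x100: "WriteAttributes", 0x10000: "DELETE", 0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
BIT = {name: bit for bit, name in RIGHTS.items()}
SDDL_RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
TRUSTEES = {"WD": "Everyone", "BA": "BUILTIN\\Administrators", "SY": "SYSTEM"}

# Excerpt of the audit record quoted in the post above.
EVENT = """\
Access Reasons:        READ_CONTROL:    Granted by    D:(A;ID;0x1200a9;;;WD)
            SYNCHRONIZE:    Granted by    D:(A;ID;0x1200a9;;;WD)
            ReadData (or ListDirectory):    Granted by    D:(A;ID;0x1200a9;;;WD)
            ReadEA:    Granted by    D:(A;ID;0x1200a9;;;WD)
            ReadAttributes:    Granted by    D:(A;ID;0x1200a9;;;WD)
            WriteAttributes:    Granted by    D:(A;ID;FA;;;BA)
Access Mask:        0x120189
"""

def decode_mask(mask):
    """Return the names of the rights set in a file access mask, lowest bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def parse_ace(ace):
    """Split one SDDL ACE '(type;flags;rights;;;trustee)' into the fields used here."""
    ace_type, _flags, rights, _, _, sid = ace.strip("()").split(";")
    mask = SDDL_RIGHTS[rights] if rights in SDDL_RIGHTS else int(rights, 16)
    return {"allow": ace_type == "A", "mask": mask, "trustee": TRUSTEES.get(sid, sid)}

def explain(event):
    """Map each granted right to the trustee whose ACE granted it, with sanity checks."""
    mask = int(re.search(r"Access Mask:\s+(0x[0-9a-fA-F]+)", event).group(1), 16)
    granted = {}
    for right, ace in re.findall(r"([A-Za-z_][\w ()/]*?):\s+Granted by\s+D:(\([^)]*\))", event):
        fields = parse_ace(ace)
        if not (fields["allow"] and fields["mask"] & BIT.get(right, 0)):
            raise ValueError(f"ACE {ace} does not grant {right}")
        granted[right] = fields["trustee"]
    if sorted(granted) != sorted(decode_mask(mask)):
        raise ValueError("access reasons do not account for every bit in the mask")
    return mask, granted

for right, who in explain(EVENT)[1].items():
    print(f"{right:30} granted to {who}")
```

For this record, the five read-type rights come from the inherited Everyone ACE (`0x1200a9`, read and execute), and only WriteAttributes comes from the Administrators full-access ACE.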
1 hour ago, Jason Beattie said:

Our company audits all reads and writes on files (needed for security reasons). Previously we didn't have any real-time file protection running; since we enabled this, the audit logs are approx. 10 GB a day. I'm guessing the only way to stop this is by turning off the real-time file protection, but I wanted to check with you guys to see if there is a way not to audit against kavfswp.exe.

What files is kavfswp.exe accessing? Still cannot see it even from the full information.
