Ensure Audit Success and Failure for 'Object Access: Audit Kernel Object'ID: oval:org.secpod.oval:def:14705 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores.
Only kernel objects with a matching system access control list (SACL) generate security audit events.
Note: The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects.
Volume: High if auditing access of global system objects is enabled.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Kernel Object
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |