System: Audit System IntegrityID: oval:gov.nist.usgcb.windowsseven:def:204 | Date: (C)2012-04-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following:
Events that could not be written to the event log because of a problem with the auditing system.
A process that uses a local procedure call (LPC) port that is not valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space.
The detection of a Remote Procedure Call (RPC) that compromises system integrity.
The detection of a hash value of an executable file that is not valid as determined by Code Integrity.
Cryptographic operations that compromise system integrity.
Volume: Low.
Default: Success, Failure.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit System Integrity
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |