Detailed Tracking: Audit DPAPI ActivityID: oval:org.secpod.oval:def:14790 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see http://go.microsoft.com/fwlink/?LinkId=121720.
If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
Volume: Low.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Tracking\Audit DPAPI Activity
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |