Audit Policy: Policy Change: MPSSVC Rule-Level Policy ChangeID: oval:org.secpod.oval:def:18750 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Policy Change: MPSSVC Rule-Level Policy Change events on failure should be enabled or disabled as appropriate.
This security policy setting determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe), which is used by Windows Firewall. The tracked activities include: Active policies when the Windows Firewall service starts. * Changes to Windows Firewall rules. * Changes to the Windows Firewall exception list. * Changes to Windows Firewall settings. * Rules ignored or not applied by the Windows Firewall service. * Changes to Windows Firewall Group Policy settings. Changes to firewall rules are important to understand the security state of the computer and how well it is protected against network attacks.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |