System Services: Windows Event CollectorID: oval:org.secpod.oval:def:23043 | Date: (C)2015-01-07 (M)2023-07-31 |
Class: COMPLIANCE | Family: windows |
This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Windows Event Collector
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wecsvc!Start
Platform: |
Microsoft Windows Server 2012 R2 |