Security log fills with entries in relation to Backup Exec Server Service and causes event log to fill beyond system capability

Article:TECH203530  |  Created: 2013-03-05  |  Updated: 2014-09-25  |  Article URL http://www.symantec.com/docs/TECH203530
Article Type
Technical Solution

Product(s)

Issue



When Enabling Audit Sensitive Privilege policy on a Windows Server the Security log fills with entries in relation to Backup Exec Server Service and causes event log to fill beyond system capability.
 

Error



Two events per second are displayed in thw Windows Security Log, both 4674, containing slightly different information:

Log Name: Security
Source: Microsoft Windows security
Event ID: 4674
Task Category: Sensitive Privilege Use
Level: Information
Keywords: Audit Success 
OpCode: Info
The details of the entry:
An operation was attempted on a privileged object.
Subject:
Security ID: [Computer name]\Administrator
Account Name: Administrator
Object Name: \BaseNamedObjects\RxService
Object Handle: 0xce8

Process Information:
Process ID: 0xa34
Process Name: C:\Program (_file:C:/Program) Files\Symantec\Backup Exec\beserver.exe
Requested Operation: [This is not visible in the shot provided]

The next entry is identical, except Object Name is blank.

 


Environment



Backup Exec 2012

 


Cause



Settings in Security Technical Implementation Guide (STIG) will log privileged access. This will increase the size of the event logs.

Some STIGs will cause a System Halt on the server when a predefined size limit is reached.

 


Solution



A hotfix is now available for this issue in the current version(s) of the product(s) mentioned in this article. Refer to the Hotfix link under Related Articles at the end of this article to obtain the hotfix needed to resolve the issue.

Backup Exec 2012 Rev 1798 Hotfix 209149. (TECH209149)

Backup Exec 2012 Rev 1798 Service Pack 3 (TECH203530)

 

 


Supplemental Materials

SourceETrack
Value3075513
Description

Enabling Audit Sensitive Privilege Use in security policy causes event log to fill beyond system capability




Article URL http://www.symantec.com/docs/TECH203530


Terms of use for this information are found in Legal Notices