Security log fills with entries in relation to Backup Exec Server Service and causes event log to fill beyond system capability
|Article:TECH203530|||||Created: 2013-03-05|||||Updated: 2013-09-11|||||Article URL http://www.symantec.com/docs/TECH203530|
Two events per second are displayed in thw Windows Security Log, both 4674, containing slightly different information:
Log Name: Security
Source: Microsoft Windows security
Event ID: 4674
Task Category: Sensitive Privilege Use
Keywords: Audit Success
The details of the entry:
An operation was attempted on a privileged object.
Security ID: [Computer name]\Administrator
Account Name: Administrator
Object Name: \BaseNamedObjects\RxService
Object Handle: 0xce8
Process ID: 0xa34
Process Name: C:\Program (_file:C:/Program) Files\Symantec\Backup Exec\beserver.exe
Requested Operation: [This is not visible in the shot provided]
The next entry is identical, except Object Name is blank.
Backup Exec 2012
Settings in Security Technical Implementation Guide (STIG) will log privileged access. This will increase the size of the event logs.
Some STIGs will cause a System Halt on the server when a predefined size limit is reached.
A hotfix is now available for this issue in the current version(s) of the product(s) mentioned in this article. Refer to the Hotfix link under Related Articles at the end of this article to obtain the hotfix needed to resolve the issue.
Backup Exec 2012 Rev 1798 Hotfix 209149. (TECH209149)
Enabling Audit Sensitive Privilege Use in security policy causes event log to fill beyond system capability
Article URL http://www.symantec.com/docs/TECH203530