Endpoint Protection

 View Only

  • 1.  SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 11, 2012 06:47 PM

    Hi

    Recently we installed SEPM 12.1 on the server and the clients have all since been updated. We predominantly use XP computers. What we are seeing is the security log is filling up with lot of eventID 577 and 526 with failures, whcih eventually stops users from loggin on to the PC until the log is cleared. Have I missed some setup which should not be logging this on the security log.

     

    Regards

    Venkatesh



  • 2.  RE: SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 11, 2012 10:07 PM

    hi,

    This is not a SEP 12.1 Issue.I have also facing same issue before in xp system

    You security log are not purgeing

    Please follow this steps.

    1) Open Event Viewer.

    2) Security Logs Properties.

    3) Select Below radio Buttion.

     

    Note: If your Issue will be resolved don't forgot Mark as Solution



  • 3.  RE: SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 11, 2012 10:14 PM

    I have checked this and all the PCs are set to overwrite events as needed, It definitely happened straight after the update of SEPM clients to version 12.1



  • 4.  RE: SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 11, 2012 10:22 PM

    HI

    Check this microsoft Kbase.This is Microsoft XP Problem

    Event ID 577 appears repeatedly in the security event log of your Windows XP-based computer

    http://support.microsoft.com/kb/831905

     

    Note: If your Issue will be resolved don't forgot Mark as Solution



  • 5.  RE: SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 11, 2012 11:15 PM

    Hi Ashish

    Thanks for the information, but I have explored all these options and most of our PCs are running the latest service pack and we cannot apply this hotfix as it was released in 2003 after SP1 had some issues. How did your problem get fixed?

     

    Regards

    Venkatesh



  • 6.  RE: SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 11, 2012 11:31 PM

    Hi,

    For testing purpose Remove SEP client on machine and check Logs are created or not ?

    Do you have installed the 3rd-party softwares such as McAfee

    Failure Audit, Security, Privilege Use, Event ID 577 (displayed on client after installing McAfee Agent 4.5)
    https://kc.mcafee.com/corporate/index?page=content&id=KB67976
     

    Hundreds of event 577 every SECOND! how do i stop this

    http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/736531f4-7982-4f95-a56e-8a53e46235c5



  • 7.  RE: SEPM12.1 with XP clients logging heavily in security log

    Broadcom Employee
    Posted Sep 12, 2012 01:03 AM

    are you referring to Microsoft security log, then agree with the above comments. You may test it if you uninstall SEP agent on one machine and monitor for the logs.



  • 8.  RE: SEPM12.1 with XP clients logging heavily in security log

    Posted Sep 16, 2012 10:50 AM

    hi Venkatesh,

    Any update on this ?