Understanding why I don't see alerts for server access
Hi, as in my previous post, I'm trialing Critical System Protection to secure some application servers. From my understanding, with the strict Windows policy enabled in logging mode I should be able to see network activity to my server.
I'd suspect if I installed something such as an FTP client I'd see logging based on the port and software activity?
On one of the servers is an application that takes telnet-style connections on about 20 different ports. There are thousands of connections a day to this software, yet I never see anything in the logs. Should I be worried about this?
Also, as a test I added some of the files of this software to the policy to deny modifications; as a test I added a file called test.txt. Again, when I go to edit this file I see no warnings in the log.
I've checked the clients have the correct revision.
Thanks
Chris