Security log fills with entries in relation to Backup Exec Server Service and causes event log to fill beyond system capability

Problem

When Enabling Audit Sensitive Privilege policy on a Windows Server the Security log fills with entries in relation to Backup Exec Server Service and causes event log to fill beyond system capability.
 

Error Message

Two events per second are displayed in thw Windows Security Log, both 4674, containing slightly different information:

Log Name: Security
Source: Microsoft Windows security
Event ID: 4674
Task Category: Sensitive Privilege Use
Level: Information
Keywords: Audit Success 
OpCode: Info
The details of the entry:
An operation was attempted on a privileged object.
Subject:
Security ID: [Computer name]\Administrator
Account Name: Administrator
Object Name: \BaseNamedObjects\RxService
Object Handle: 0xce8

Process Information:
Process ID: 0xa34
Process Name: C:\Program (_file:C:/Program) Files\Symantec\Backup Exec\beserver.exe
Requested Operation: [This is not visible in the shot provided]

The next entry is identical, except Object Name is blank.

 

Cause

Settings in Security Technical Implementation Guide (STIG) will log privileged access. This will increase the size of the event logs.

Some STIGs will cause a System Halt on the server when a predefined size limit is reached.

 

Solution

A hotfix is now available for this issue in the current version(s) of the product(s) mentioned in this article. Refer to the Hotfix link under Related Articles at the end of this article to obtain the hotfix needed to resolve the issue.

Backup Exec 2012 Rev 1798 Hotfix 209149. (TECH209149)

Backup Exec 2012 Rev 1798 Service Pack 3 (TECH203530)

 

 


Applies To

Backup Exec 2012

 

Terms of use for this information are found in Legal Notices.

Search

Survey

Did this article answer your question or resolve your issue?

No
Yes

Did this article save you the trouble of contacting technical support?

No
Yes

How can we make this article more helpful?

Email Address (Optional)