Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
530
Views
0
Helpful
1
Replies

CSA - Winlogon.exe causes rule 699 to fire

agarciaiii
Level 1
Level 1

‎09-19-2007 03:21 AM - edited ‎03-09-2019 06:51 PM

I am seeing the following message: "The process 'C:\Windows\system32\winlogon.exe (as user NT Authority\System) attempted to modify a Cisco Service Agent resource Cisco process c:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe. The Operation was denied." This firing rule was 699. I have also attached a screenshot of the firing rule details. Has anyone seen this before or have any ideas?

The alert is comming from the agent running on the MC, which appears to have been disabled.

Labels:
Preview file
157 KB
0 Helpful
1 Reply 1

tsteger1
Level 8
Level 8

‎09-20-2007 03:06 PM

My 5.2.210 MC had 4 of these messages.

They appeared to occur when I was connected via a terminal session and generated rules.

I haven't had any since I upgraded to 5.2.225.

Tom

0 Helpful
Customers Also Viewed These Support Documents