TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I am trying to "customize" a OS Sensor policy. I am trying to edit out the
"false-positive" that I am getting with the
"Registry_NT_security_options_changed" event. I get this false-positive by
simply unlocking the box. The GUI of the policy does not have a method to
"uncheck" the Winlogon registry key that is causing this. I am trying to
edit the current.policy and the audit.policy files. I have had limited
success. Does anybody have experience modifying OS Sensor policies like
this? I also know that the RuleDef.policy plays a part but I do not know
exactly how. Is the RuleDef.policy used to create the other two? Or does
the RuleDef.policy play a part after the new policy is derived.
I have tried ISS Tech Support but have gotten nowhere. It is as though no
one have ever wanted to modify the OS Sensor RealSecure policies.
If anybody has any information it will be appreciated.
Thanks,
Duane Weldon
I/T Security Analyst
USAA
San Antonio, TX
