I am currently testing. I have an event (1000's) I want to create an exception to allow the activity, but the entry gives no specifics and the exception and behavior options of the wizard are greyed out.
The dreaded remote application alerts. Couple of things that I use, but a couple questions/caveats first.
Q1. Is there really no user information? Or did you leave out the user for privacy/security concerns?
Q2. It appears you are in test mode. Test a few of the workstations that are effected in Protect mode and if they do not have issues you might want to create a Priority Deny rule and disable logging on it.
1. Set up a monitoring rule for registry access for remote applications, then based on those events create a white list of accessible registry keys.
2. If you do have user data, create a user state rule module to allow remote registry access for remote applications base on that user state.
You can create a very broad but insecure rule that would allow remote application, from any user to access the registry. I would not recommend this but you could do this in test mode and start working you way backward to increase the granularity and security of the rule.
I would still recommend creating the monitor rule around remote client accessing the registry, also maybe a file access rule around accessing remote clients, but I've never tried that, but would be interested in the results.
What are the client computer roles? Are they Windows domain members? It sounds like domain activity trying to update\verify local machine registry values. If it's a domain controller generating the alerts, there is a role for those defined in a rule module.
If it's local or remote shares trying to update\read MRU values, that's a different issue.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...