KBI 311643 Many Audit Failures Found In Security Event Log


Argent Advanced Technology – All Versions


Tuesday, 10 April 2018


It was observed that after removing domain administrator level privileges from the Argent Service Account, multiple audit failures were found in the Security Event Log of the Domain Controller while reading Event logs from Argent for Compliance

Technical Background

There are multiple ways Argent for Compliance can read the Security Event Log from a server, the default option is ‘Read Event Log File Directly’

When ‘Read Event Log File Directly’ is used, multiple audit failure Events while attempting to read the Event log via a UNC path can be seen


Use the ‘Vista Event Log API’ method for reading Event logs instead