KBI 310706 Issue Addressed: W2012 File Audit Events Are Wrongly Parsed

Version

Argent Advanced Technology 3.1A-1308-A or below

Date

Tuesday, 15 Oct 2013

Summary

Windows 2012 Server has changed the security log format of file audit events. These events cannot be parsed properly by Argent AT 3.1A-1308-A or earlier versions.

Technical Background

Argent AT relies on the Windows security log format to determine the meaning of each insertion string. A file audit is not a single event, but a sequence of events that are related through a handle ID. When the handle ID and other vital fields are interpreted wrongly, file audit events cannot be understood properly.
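
The correlation described above, as an added Python example (not Argent code): it groups a constructed event sequence by handle ID and shows what a misread handle field does to the result. The event IDs 4656/4663/4658, the field names and the `misread_handle` simulation are assumptions of this example and do not reproduce the actual Windows 2012 layout change.

```python
# Event IDs of the Windows object-access audit sequence (not named on the page).
HANDLE_REQUESTED, ACCESS_ATTEMPT, HANDLE_CLOSED = 4656, 4663, 4658

def correlate(events):
    """Group file audit events into handle sessions.

    Handles are per-process and reused after close, so the key is
    (ProcessId, HandleId) and a session ends at the close event.
    Returns (sessions, orphans); orphans matched no open handle.
    """
    open_sessions, sessions, orphans = {}, [], []
    for ev in events:
        key = (ev["ProcessId"], ev["HandleId"])
        if ev["id"] == HANDLE_REQUESTED:
            open_sessions[key] = {"user": ev["SubjectUserName"],
                                  "object": ev["ObjectName"],
                                  "accesses": [], "closed": False}
        elif key not in open_sessions:
            orphans.append(ev)
        elif ev["id"] == ACCESS_ATTEMPT:
            open_sessions[key]["accesses"].append(ev["AccessMask"])
        elif ev["id"] == HANDLE_CLOSED:
            session = open_sessions.pop(key)
            session["closed"] = True
            sessions.append(session)
    sessions.extend(open_sessions.values())  # handles never closed in this window
    return sessions, orphans

def misread_handle(events):
    """Simulate a parser that takes HandleId from the wrong field on 4663 events."""
    return [dict(ev, HandleId=ev["ObjectName"]) if ev["id"] == ACCESS_ATTEMPT else ev
            for ev in events]

# Constructed sample events; keys follow the events' EventData field names.
BASE = {"SubjectUserName": "alice", "ProcessId": "0x9c4", "HandleId": "0x1a4",
        "ObjectName": r"C:\Finance\payroll.xlsx"}
SAMPLE = [
    dict(BASE, id=HANDLE_REQUESTED),
    dict(BASE, id=ACCESS_ATTEMPT, AccessMask="0x1"),   # ReadData
    dict(BASE, id=ACCESS_ATTEMPT, AccessMask="0x2"),   # WriteData
    dict(BASE, id=HANDLE_CLOSED),
]

if __name__ == "__main__":
    for label, evs in (("correct", SAMPLE), ("misread", misread_handle(SAMPLE))):
        sessions, orphans = correlate(evs)
        print(label, sessions, "orphans:", len(orphans))
```

With the handle misread, the session still opens and closes but records no accesses, and the two access events are left as orphans. A rising orphan count after an operating system upgrade is a practical signal that the parser's field layout no longer matches the log format.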

Resolution

Upgrade to Argent Advanced Technology 3.1A-1310-A or later