KBI 310706 Issue Addressed: W2012 File Audit Events Are Wrongly Parsed


Argent Advanced Technology 3.1A-1308-A or below


Tuesday, 15 Oct 2013


Windows 2012 Server has changed security log format related to file audit events. They could not be parsed properly in Argent AT 3.1A-1308-A or earlier versions

Technical Background

Argent AT relies on the Windows security log format to determine the meaning of each insertion string. File audit events are not a single event, but a sequence of events that related through handle ID. When handle ID and other vital fields are interpreted wrongly, file audit events cannot be understood properly


Upgrade to Argent Advanced Technology 3.1A-1310-A or later