KBI 310789 Issue Addressed: Windows File Log Rule Generates Combined Events Showing Only The Last Two Occurrences


Argent for Compliance 3.1A-1310-A or below


Friday, 20 Dec 2013


Argent for Compliance uses the Boolean registry value 'COMBINE_ALERTS_ON_LOG_EVENT' to control whether a single file log scan generates one combined event or individual events

There were some issues in this area for the Windows File Log Rule

The generated combined events list only the two most recent occurrences

Technical Background

Argent AT 3.1A-1401-A has corrected this issue and generates the combined event as expected

The event now lists the latest occurrence as well as all previous ones found in this scan


Upgrade to Argent AT 3.1A-1401-A or later