KBI 310800 Issue Addressed: Argent For Compliance Reads Empty Event Log Message When Event ID Is Zero
Version
Argent for Compliance 3.1A-1401-A or below
Date
Monday, 13 Jan 2014
Summary
Windows event records should always have positive Event ID
But some buggy code from third-party vendors may generate event with an invalid Event ID of ‘0‘
When it is viewed in Event Log Viewer, message may be displayed as following:
When Argent for Compliance reads the same event, it returns empty message ‘None‘
The test result may look like following:
Technical Background
Argent for Compliance 3.1A-1401-B has been enhanced to compose a substitute message using insertion strings
Resolution
Upgrade to Argent AT 3.1A-1401-B or later