Hi all. I'm running ossec 2.0 on RedHat 5 ES (32 bit). I have a Windows 2003 server client that is reporting a failure of "Windows Audit: Microsoft Firewall disabled." I've verified that the firewall is in fact running (by way of group policy, checking for the lock icon on the network interface and by way of a Nessus scan). I've also verfied that the following registery key is set to 1 -> HKEY_LOCAL_MACHINE\software\policies\microsoft\windowsfirewall\standardprofile -> enablefirewall ; the machine is not in a domain.
[r...@ossec bin]# ./rootcheck_control -i 003 Resolved events: ** No entries found. Outstanding events: 2009 Mar 05 12:49:05 (first time detected: 2009 Mar 05 12:49:05) Windows Audit: Microsoft Firewall disabled. Any ideas? Aaron
