It sounds like you may have UAC enabled. What happens when you right-click on the Agent Manager and tell it to Run as Administrator?
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Clarky Sent: Tuesday, May 21, 2013 10:35 AM To: ossec-list@googlegroups.com Subject: [ossec-list] OSSEC Windows Agent 2.7 Issues I have recently installed OSSEC HIDS server 2.7 along with WebUI 0.3 on Ubuntu 12.04.2 LTS 64-bit and everything appears to be working OK on the server side. Today, I installed the OSSEC Windows Agent 2.7 on my Windows 7 32-bit PC, I followed the normal instructions of adding my PC as agent on the server first then retrieving the key and entering the server IP and key into the OSSEC Agent Manager. On first connect everything appears fine and the OSSEC Agent Manager log confirms that there is a connection to the server (i.e. I see entries for "INFO: Trying to connect to server" and "INFO: Connected to the server"). However, I soon as I close the OSSEC Agent Manager and then re-open it, I get the following issues: 1. The OSSEC Agent Manager no longer recognises that the OSSEC Agent (Windows Service) is running when the service is definitely still running. 2. The security on the OSSEC Agent Manager log file changes to Administrators only and I have to add myself to the security of the file before I can view the file again. 3. When I click on Start OSSEC through Agent Manager it states unable to start OSSEC (check config). 4. I have also found that the agent_control lc command reports that an agent is active regardless of whether the agent service on the client PC isn't running which isn't helpful. What is going on here? Why is the Agent Manager no longer recognising that the service is still running after the Agent Manager has been restarted? Surely its not necessary to keep the Agent Manager window open in order for the service to function properly, there is no way to minimise it to the tray that I can see. I have replicated this issue on 2 different PCs. Any help would be really appreciated. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.