I just wanted to get some other takes on what others are doing out there as far as file integrity scanning the C:\Windows\winsxs folder. At the moment I have OSSEC running integrity checks on all .exe and .dll files in that folder, but I'm getting a lot of "new files added" alerts and I can't tell if they're legitimate alerts or not. So I'm going to ignore the winsxs folder for now. I was just curious to see what others are doing as far as file integrity monitoring in the winsxs folder. Currently I am running file integrity monitoring on all .dll, .exe, and .ocx files on C:\Windows and all subfolders. But the winsxs folder is the one that generates the most alerts (and what seem to be false positives for new files added).
Also, the "new file added" alerts that I get within that folder seem to be false positives. Is that possible? Thanks.
