Hi, Active-response is only supported by installations: local and server. Local and server installation only works on Linux so Windows does not have active-response functionality, that's why it is disabled by default on Windows agents.
Refer to OSSEC documentation: http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.active-response.html Regards, Pedro S. On Thursday, February 4, 2016 at 7:55:42 AM UTC+1, Abdulvehhab Agin wrote: > > Hi > > Ossec setup which is prepared Windows install ossec.conf file with active > response <disabled>yes</disabled> at Default > > However in linux there is no active response tag which means that it is > ready for active response > > > Why in windows installation it is default disabled > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
