Hi;
I'm running TCC 18.00.18 in a Windows 7 corporate environment.
I run an overnight cron job (scheduled task) of a BTM script every night at 2am. This script does simple housekeeping tasks - runs a WinAudit of the PC, backs up various directories to an external USB, and on the weekends, runs a defrag of the disk.
I got a new PC recently, and our IT is reporting that I'm generating millions of security hits in their logs. Looking in my own Windows Event security log, I see over 1.2 million events today, with 2,812 events in a single second.
The script is started with user privileges, not elevated. The script takes about an hour to run, during which it's generating thousands of log events every second. Running the script manually does not create the same issue.
I can't really imagine why it does this. Has anyone had a similar issue? Or have any idea why this is happening?
I've put an example event log entry below, if that helps.
EventData
SubjectUserSid | S-1-5-21-1959627124-635220436-521931719-3883 |
SubjectUserName | <corporate name redacted> |
SubjectDomainName | <corporate name redacted> |
SubjectLogonId | 0x17d6e0 |
ObjectServer | Security |
ObjectType | Semaphore |
ObjectName | \Sessions\1\BaseNamedObjects\TCMonitorSemaphore |
HandleId | 0x338 |
AccessMask | %%1537 %%1538 %%1539 %%1540 %%1541 %%4528 %%4529 |
PrivilegeList | SeTakeOwnershipPrivilege |
ProcessId | 0x3f08 |
ProcessName | C:\Program Files (x86)\Take Command\tcc.exe |
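
One way to triage a flood like the one described in the post, as an added example that is not part of the original post: export the Security log as event XML and count records per second and per (process, object type, object name, privilege) to see which source dominates. The `summarize` function, the `<Events>` wrapper element, the timestamps and the second object name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace used by Windows event XML records.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TCC = r"C:\Program Files (x86)\Take Command\tcc.exe"
SEM = r"\Sessions\1\BaseNamedObjects\TCMonitorSemaphore"

def _record(ts, obj):
    """Build one constructed record shaped like the entry in the post."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f'<System><TimeCreated SystemTime="{ts}"/></System><EventData>'
        '<Data Name="ObjectType">Semaphore</Data>'
        f'<Data Name="ObjectName">{obj}</Data>'
        '<Data Name="PrivilegeList">SeTakeOwnershipPrivilege</Data>'
        f'<Data Name="ProcessName">{TCC}</Data>'
        '</EventData></Event>'
    )

# Constructed sample input: timestamps are invented (the System section of
# the posted entry did not survive) and ExampleOther is a made-up object name.
SAMPLE_XML = "<Events>" + "".join([
    _record("2000-01-01T02:00:00.100000000Z", SEM),
    _record("2000-01-01T02:00:00.900000000Z", SEM),
    _record("2000-01-01T02:00:01.200000000Z",
            r"\Sessions\1\BaseNamedObjects\ExampleOther"),
]) + "</Events>"

def summarize(xml_text):
    """Return (events per second, events per source tuple) as Counters."""
    per_second, per_source = Counter(), Counter()
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        ts = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        per_second[ts[:19]] += 1  # truncate to whole seconds
        per_source[(data.get("ProcessName"), data.get("ObjectType"),
                    data.get("ObjectName"), data.get("PrivilegeList"))] += 1
    return per_second, per_source

if __name__ == "__main__":
    seconds, sources = summarize(SAMPLE_XML)
    print("busiest seconds:", seconds.most_common(3))
    for key, count in sources.most_common(5):
        print(count, key)
```
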