Viewing Symantec Information Centric Tagging events using Windows Event Viewer
Article ID: 173242
Updated On:
Products
Information Centric Tagging
Issue/Introduction
Symantec Information Centric Tagging (ICT) creates events that can be viewed by Windows Event Viewer. To view the ICT events data on a computer that does not have ICT installed, perform the following steps.
Resolution
Install Information Centric Tagging Event Parser
- Copy rw-eventlogmessages.dll to a location that is always accessible by the operating system:
- For x86-bit systems: x86\rw-eventlogmessages.dll
- For x64-bit systems: X64\rw-eventlogmessages.dll
- Create the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\ Application\ Information Centric Tagging
- On this registry key, create the following registry values:
|
Value name |
Value Type |
Value data |
|
CategoryCount |
REG_DWORD |
0x00000003 |
|
CategoryMessageFile |
REG_SZ |
Full path of rw-eventlogmessages.dll Eg.: C:\filter\rw-eventlogmessages.dll |
|
TypesSupported |
REG_DWORD |
0x00000007 |
|
EventMessageFile |
REG_SZ |
Full path of rw-eventlogmessages.dll Eg.: C:\filter\rw-eventlogmessages.dll |
- Restart Event Viewer.
Feedback
Yes
No
Powered by
