Description:
When ControlMinder is running under heavy load, seosd may not be able to handle all the events it should process. In these situations, access denied events are recorded in the logs:
12 Dec 2013 11:39:00 W FILE <dir>\<file> Read 202 4 <prog_name>\ C:\WINDOWS\system32\inetsrv\inetinfo.exe <domain>\<username>(OS user)
and the Windows event log contains hang errors for the seosdrv driver like the following:
21/10/2013 10:00:35 seosdrv Warning none 2 N/A PGP2 Hang at inetinfo.exe(1912), FileDes
Solution:
This is caused by the seosdrv driver responding with a timeout value of 0 when the system is running under heavy load. The situation may be resolved by setting QueueTimeout = 4 with QueueTimeoutAnswer = 1 in the FsiDrv Registry configuration, under HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\FsiDrv.
It is also possible to alleviate the problem by reducing the number of events being sent to seosd. For instance, define a SPECIALPGM resource for the programs accessing files in a certain directory if no individual rule for each file has been set, or define specific access rules instead of generic ones (e.g. define FILE /mypath/myfile access rules instead of FILE /mypath/* ones).
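To see which programs appear in the seosdrv hang warnings, and are therefore worth reviewing for a SPECIALPGM resource or more specific FILE rules, the warnings can be tallied per program. The script below is an added example, not CA code; it assumes the Windows event log has been exported to text in the same layout as the warning line quoted above, and the sample lines, host name and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Layout taken from the seosdrv warning quoted above:
# DD/MM/YYYY HH:MM:SS seosdrv Warning ... Hang at <image>(<pid>), <detail>
HANG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) seosdrv Warning .*?"
    r"Hang at (?P<image>[^()]+)\((?P<pid>\d+)\)"
)

# Constructed sample lines (not real log data), same layout as the page's line.
SAMPLE = """\
21/10/2013 10:00:35 seosdrv Warning none 2 N/A HOST1 Hang at inetinfo.exe(1912), FileDes
21/10/2013 10:00:41 seosdrv Warning none 2 N/A HOST1 Hang at inetinfo.exe(1912), FileDes
21/10/2013 10:02:07 seosdrv Warning none 2 N/A HOST1 Hang at backup.exe(3044), FileDes
21/10/2013 10:02:09 OtherSource Information none 1 N/A HOST1 Service started
21/10/2013 10:05:50 seosdrv Warning none 2 N/A HOST1 Hang at INETINFO.EXE(2210), FileDes
"""

def parse_hangs(text):
    """Return (timestamp, image, pid) for every seosdrv hang warning in text."""
    hangs = []
    for line in text.splitlines():
        m = HANG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")
            # Windows image names are case-insensitive, so normalise them.
            hangs.append((ts, m["image"].strip().lower(), int(m["pid"])))
    return hangs

def summarize(hangs):
    """Per image: hang count, distinct PIDs, first and last occurrence."""
    counts = Counter(image for _, image, _ in hangs)
    summary = {}
    for image, n in counts.most_common():  # most frequent image first
        rows = [h for h in hangs if h[1] == image]
        summary[image] = {
            "hangs": n,
            "pids": sorted({pid for _, _, pid in rows}),
            "first": min(ts for ts, _, _ in rows),
            "last": max(ts for ts, _, _ in rows),
        }
    return summary

if __name__ == "__main__":
    for image, info in summarize(parse_hangs(SAMPLE)).items():
        print(f"{image}: {info['hangs']} hangs, PIDs {info['pids']}, "
              f"{info['first']} to {info['last']}")
```

A count that stays high for the same program after the registry change points to the second measure: reducing the events that program sends to seosd.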