ETW events still arrive even when disabled in the recorder configuration
Article ID: 252802
Products
Endpoint Detection and Response
Endpoint Protection with Endpoint Detection and Response
Issue/Introduction
The EDR appliance receives ETW events even when a rule in the recorder configuration disables ETW logs of a specific type. The Detection and Response policy object is not propagated to the SEP endpoint.
Cause
Missing input validation may lead a customer to enter incorrect values for an ETW Recorder rule.
Resolution
Please upgrade to EDR 4.7 or later, where EDR implements input validation.