|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/7/2018 5:43:55 PM
Posts: 1,
Visits: 0
|
|
We are getting a high volume of 4663 events in our environment. Mostly coming from virtual servers hosted on a VMWare platform. We noticed that the events are mostly triggering off activity to the D: drives on these servers, which makes sense in some respect b/c the hosted/primary applications are running off of the D: drives. But also we noticed the Task Category fields in the events shows as "Removable Storage".
We think based on our research of VMware that this is unique to them. And the resolution the VMWare forums suggest is too complicated to undertake.
We are considering Disabling either the Audit Removable Storage policy or the Audit object access policies or both. But also concerned about reducing security and visibility.
Looking for suggestions on handling these events.
|
|
|
|