Not sure if there is a supported way to prevent it. Maybe the best approach here is to detect when Security log was cleaned.
How to disable security logs cleaning?
EEEEEEEEEEEEEE BBBBBBBBBBBBBBB
0
Reputation points
Hello, I use Windows Server 2022 Datacenter, and I want to disable the clean function for logs. I'd done it for all logs, like Application, System but I can't do it for Security logs.
The command which I used:
wevtutil sl security /ca:"O:BAG:SYD:(A;;0xf0005;;;SY)"
I know that it isn’t good permissions, it just for example.
wevtutil gl security
name: security
enabled: true
type: Admin
owningPublisher:
isolation: Custom
channelAccess: O:BAG:SYD:(A;;0xf0005;;;SY)
logging:
logFileName: %SystemRoot%\System32\Winevt\Logs\security.evtx
retention: true
autoBackup: true
maxSize: 20971520
publishing:
fileMax: 1
But after setting permissions I still can clean it.
wevtutil cl security
I'd tried to set perms by the GPO, but nothing changed
Windows for business | Windows Server | User experience | Other
20,213 questions
Windows for business | Windows Server | Devices and deployment | Configure application groups
1 answer
Sort by: Most helpful
-
poliveirasilva-MSFT 86 Reputation points Microsoft Employee
2023-09-25T17:03:16.25+00:00