Default Parameters for ScrtySrvceChecksTest
The ScrtySrvceChecksTest monitors the Windows service logs and tracks the number of recently installed programs and services. This test also reports the number of services that were disabled but are still found to be running. In addition, this test helps administrators track the number of Windows services with vulnerable permissions and the number of unquoted Windows services. This way, administrators are promptly alerted to any possible malicious attacks and can proactively eliminate a security threat before it leads to a catastrophic outcome.
This page describes the default parameters that need to be configured for the ScrtySrvceChecksTest.
Specify the path to the log file of the target Windows host in the LOG LOCATION parameter. By default, this is set to None. This implies that the eG agent will automatically collect the required metrics from the log file available in the default log file location. If the log file is in a different location, you have to explicitly specify the location of the log file in this text box.
Specify the comma-separated list of services that need to be disabled in the SERVICE TO BE DISABLED text box.
Note:
- When configuring the SERVICE TO BE DISABLED parameter, make sure that you specify the Display Name of the service, and not the service Name you see in the Services window on your Windows host.
- When monitoring a Microsoft SQL server, the SERVICE TO BE DISABLED parameter will be set to Microsoft SQLServer by default. However, if the Microsoft SQL server being monitored was installed using a named instance, the SQL service name will change. In such a case, ensure that the SERVICE TO BE DISABLED parameter is reconfigured to reflect the correct service name.
To save the time and effort involved in manual service specification, eG Enterprise offers an easy-to-use auto-configure option in the form of a View/Configure button that is available next to the SERVICE TO BE DISABLED text box. Refer to Auto-configuring the Windows Services to be Monitored document for details on how to use this option.
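The note above requires Display Names rather than service Names, so the following added PowerShell example (not part of the eG Enterprise documentation or product) checks a candidate SERVICE TO BE DISABLED value entry by entry and flags services that are disabled but still running. The function name Test-ServiceDisableList is hypothetical, and the sample service records are constructed.

```powershell
# Hypothetical helper (not an eG Enterprise command): checks each entry of a
# comma-separated SERVICE TO BE DISABLED value against the host's services.
function Test-ServiceDisableList {
    param(
        [Parameter(Mandatory)] [string] $DisplayNameList,
        # Defaults to the live host; pass constructed records to test offline.
        [object[]] $Services = (Get-CimInstance -ClassName Win32_Service)
    )
    $entries = $DisplayNameList -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        $byDisplay = @($Services | Where-Object { $_.DisplayName -eq $entry })
        $byName    = @($Services | Where-Object { $_.Name -eq $entry })
        if ($byDisplay.Count -gt 0) {
            foreach ($svc in $byDisplay) {
                [pscustomobject]@{
                    Entry      = $entry
                    Verdict    = 'OK (Display Name)'
                    UseInstead = $null
                    StartMode  = $svc.StartMode
                    State      = $svc.State
                    # Startup type is Disabled, yet the service is running.
                    DisabledButRunning = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Running')
                }
            }
        }
        elseif ($byName.Count -gt 0) {
            # Entry is the short service Name; report the Display Name to use.
            $svc = $byName[0]
            [pscustomobject]@{
                Entry = $entry; Verdict = 'Service Name given'; UseInstead = $svc.DisplayName
                StartMode = $svc.StartMode; State = $svc.State
                DisabledButRunning = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Running')
            }
        }
        else {
            [pscustomobject]@{
                Entry = $entry; Verdict = 'No such service'; UseInstead = $null
                StartMode = $null; State = $null; DisabledButRunning = $false
            }
        }
    }
}

# Constructed sample records (not from a real host), including a named SQL instance.
$sample = @(
    [pscustomobject]@{ Name = 'MSSQL$SALES'; DisplayName = 'SQL Server (SALES)'; StartMode = 'Disabled'; State = 'Running' }
    [pscustomobject]@{ Name = 'Spooler'; DisplayName = 'Print Spooler'; StartMode = 'Auto'; State = 'Running' }
)
Test-ServiceDisableList -DisplayNameList 'SQL Server (SALES), Spooler, Telnet' -Services $sample | Format-Table -AutoSize
```

Omit the -Services argument to run the same check against the services on the local Windows host.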
The DD FREQUENCY parameter refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency if you so desire. To disable the detailed diagnosis capability for this test, specify none against the DD FREQUENCY parameter.
When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.