Applicable versions and levels
Windows versions: V5.0L10 or later
Action
Points to check
Are you using the monitoring function for security events in Windows?
Cause
The f3crheeg process monitors event logs in Windows and the f3crhesv process compares events output to the event log with the Event Monitoring Conditions Definitions. If the monitoring function is used for security events in Windows, then processing may be delayed due to a large number of messages being output for security logs in the event log.
Action method
Use the minimum amount of resources required for implementing Windows audits.
If the event monitoring function is not used, perform the following procedure to address this issue.
Change the Startup Type of the services below from Automatic to Manual:
Systemwalker MpAosfB
Systemwalker MpAosfX
Remarks
The monitoring function for security events in Windows is set up using User Manager in Windows NT(R), and Security Policy in Windows(R) 2000, Windows(R) XP, Windows Server 2003 STD, Windows Server 2003 DTC, Windows Server 2003 EE and later.
