Environment
- Cb Defense Sensor: All Versions
- Microsoft Windows: All Supported Versions
- GPO deployment
Objective
Resolution
From the Event Viewer GUI:
1. Open Windows Event Viewer (eventvwr.msc)
2. Select the Sytem log
3. Select Filter Current Log
4. Enter Event ID: 303
5. Look for "The removal of the assignment of application Cb Defense Sensor xx-bit 3.x.x.x from policy %policy name% succeeded"
From locally stored System.evtx:
1. Open a command prompt
2. Change Directory (cd) into the folder where the local copy of System.evtx resides
3. Paste the following:
wevtutil qe ".\system.evtx" /q:"*[System[(EventID=303)]]" /lf:true /c:20 /rd:true /f:text > GPO_assignment_check.txt
4. Open GPO_assignment_check.txt and look for: "The removal of the assignment of application Cb Defense Sensor xx-bit 3.x.x.x from policy %policy name% succeeded"
Additional Notes
Related Content