Event ID - 540

Event Id540
SourceRealSecure
DescriptionThe Guest_User_Login signature does not fire on RealSecure Server Sensor installed on a Windows 2000 machine
Event InformationAccording to iss:
Resolution:

Follow the instructions below:
1. Open the Policy Editor
2. Select the OS tab-->OS Events-->NT Folder-->User Defined Events-->NT EventLog Rules
3. Click ADD
4. Enter a name for the new rule, Click OK
5. Select the new rule in the left pane of the Policy Editor.
6. Set Origin to Security
7. Enter "Security" as Source
8. Set Type to 8
9. Set Category to 0
10. Set ID to 540
11. Set the regular expression to =,guest
12. Select Info and add the following name/value pairs:
User @String0
Domain @String1
13. Save changes and be sure to apply the new policy to the Server Sensor.

Note: The above User Defined workaround may also be used for the disable and suspend responses.
Reference Linksevent id: 528 and source:RealSecure

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.