Gen EDGE

 View Only

 logwatnt.exe

Douglas Seaver's profile image
Douglas Seaver posted Apr 13, 2023 02:46 PM

Is logwatnt.exe used or needed by any part of Gen licensing or other?

My organization is trying to remediate this issue (below) and I'm wondering if we can just remove the file.

" I’m reaching out to you as Tenable is reporting there are insecure permissions set for LogWatch, which appears to be associated with the CA Gen   application.  Tenable is reporting that the logwatnt.exe has “write” permissions allowed for the “Users” and “Domain Users” groups which is insecure.

Path : c:\program files (x86)\ca\sharedcomponents\ca_lic\logwatnt.exe

Used by services : LogWatch

File write allowed for groups : Users (...), Domain Users (...)   "

Lynn Williams's profile image
Broadcom Employee Lynn Williams posted Apr 13, 2023 09:08 PM
This old information solution for Gen 6.5 covers that LogWatNT.exe is run by the service "Event Log Watch" ("CA Licensing Event Log Management").
It suggests the service can be set to Manual after the installation.
From what I see in my Gen 8.6 environment when I stop the "Event Log Watch" service the LogWatNT.exe process is removed from the Task Manager Details tab, so that matches the above.
After disabling the "Event Log Watch" service, I tested renaming my license file "C:\Program Files (x86)\CA\SharedComponents\CA_LIC\ca.olf" and when I started the Toolset a CA_LIC error is still logged in the Windows Event Viewer under "Windows Logs > Application".
Therefore there appears to be no negative impact on the license checking with service "Event Log Watch" not running. So changing permissions on LogWatNT.exe or removing it altogether should in theory be OK. However you may want to log a support case for us to confirm that 100%.
 
Regards,
 
Lynn
Lynn Williams's profile image
Broadcom Employee Lynn Williams posted Apr 17, 2023 09:39 PM

Hi Doug,
I discussed this further with Gen Engineering and in summary, we believe that keeping the service "Event Log Watch" stopped should have no negative impact. I created a KB article to cover it so more details can be found here: Is LogWatNT.exe required for Gen licensing to function

Regards,

Lynn