Getting Data In

Why is splunk-winprintmon.exe being run every minute?

tkw03
Communicator

Can someone tell me what this log record means? I see MANY of them across all my widows hosts but I am unsure of why its invoking winprintmon.exe? We ARE monitoring windows events on this machine BUT not printer monitoring.

 

 

 

02/03/2021 02:02:29 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=6417
EventType=0
Type=Information
ComputerName=hostname.domain.com
TaskCategory=System Integrity
OpCode=Info
RecordNumber=3903849
Keywords=Audit Success
Message=The FIPS mode crypto selftests succeeded.

	Process ID:		0x1e2c
	Process Name:		C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe

 

 

 

I am just unsure why its invoking winprintmon. 

It seems to run every minute.


Thanks as always

Labels (3)

scelikok
SplunkTrust
SplunkTrust

Hi @tkw03,

Splunk monitor processes are checked and restarted every 60 seconds even there is no active input.

You can disable them by adding below to inputs.conf  on forwarders;

[WinPrintMon]
interval = -1
disabled = 1

. You may see splunk-* processes other than splunk-winevtlog.exe. You can do similar for them too.

 

If this reply helps you an upvote is appreciated.
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...