Why is splunk-winprintmon.exe being run every minute?

tkw03
Communicator

Can someone tell me what this log record means? I see MANY of them across all my Windows hosts but I am unsure of why it's invoking winprintmon.exe? We ARE monitoring Windows events on this machine BUT not printer monitoring.

02/03/2021 02:02:29 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=6417
EventType=0
Type=Information
ComputerName=hostname.domain.com
TaskCategory=System Integrity
OpCode=Info
RecordNumber=3903849
Keywords=Audit Success
Message=The FIPS mode crypto selftests succeeded.

	Process ID:		0x1e2c
	Process Name:		C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe

I am just unsure why it's invoking winprintmon.

It seems to run every minute.


Thanks as always

scelikok
SplunkTrust

Hi @tkw03,

Splunk monitor processes are checked and restarted every 60 seconds even if there is no active input.

You can disable them by adding the below to inputs.conf on forwarders:

[WinPrintMon]
interval = -1
disabled = 1

You may see splunk-* processes other than splunk-winevtlog.exe. You can do similar for them too.

 

If this reply helps you, an upvote and "Accept as Solution" is appreciated.
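
To find out which forwarder helpers are behind the 6417 records before disabling their stanzas, the following added example (not part of the original thread and not Splunk's own code) parses events in the layout quoted in the question and reports, for each `splunk-*.exe` helper, the event count and the median gap in seconds. The sample records, the `lsass.exe` path and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

BIN = "C:\\Program Files\\SplunkUniversalForwarder\\bin\\"

def _rec(ts, exe_path):
    # Build one constructed EventCode=6417 record in the layout quoted in the question.
    return (f"{ts}\nLogName=Security\nEventCode=6417\n"
            "Message=The FIPS mode crypto selftests succeeded.\n\n"
            f"\tProcess ID:\t\t0x1e2c\n\tProcess Name:\t\t{exe_path}\n\n")

# Constructed sample (timestamps and the lsass.exe record are made up for illustration).
SAMPLE = "".join([
    _rec("02/03/2021 02:02:29 PM", BIN + "splunk-winprintmon.exe"),
    _rec("02/03/2021 02:02:31 PM", BIN + "splunk-winevtlog.exe"),
    _rec("02/03/2021 02:03:29 PM", BIN + "splunk-winprintmon.exe"),
    _rec("02/03/2021 02:03:40 PM", "C:\\Windows\\System32\\lsass.exe"),
    _rec("02/03/2021 02:04:29 PM", BIN + "splunk-winprintmon.exe"),
])

EVENT_START = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)$", re.M)
PROC_NAME = re.compile(r"Process Name:\s*(.+)$", re.M)
HELPER = re.compile(r"\\SplunkUniversalForwarder\\bin\\(splunk-[\w-]+\.exe)$", re.I)

def split_events(text):
    """Yield (timestamp, body); a record starts at a line holding only a timestamp."""
    parts = EVENT_START.split(text)  # [preamble, ts1, body1, ts2, body2, ...]
    for ts, body in zip(parts[1::2], parts[2::2]):
        yield datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"), body

def helper_cadence(text):
    """Return {helper_exe: (count, median_gap_seconds)} for 6417 events from UF helpers."""
    seen = defaultdict(list)
    for ts, body in split_events(text):
        if "EventCode=6417" not in body.splitlines():
            continue
        m = PROC_NAME.search(body)
        h = HELPER.search(m.group(1).strip()) if m else None
        if h:  # ignore 6417 events raised by processes outside the forwarder's bin dir
            seen[h.group(1).lower()].append(ts)
    out = {}
    for exe, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        out[exe] = (len(stamps), median(gaps) if gaps else None)
    return out

if __name__ == "__main__":
    print(helper_cadence(SAMPLE))
```

A helper whose median gap sits near 60 seconds matches the restart check described in the answer above.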