Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 531 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 531
Event Source: MDaemon
Event Type: Warning
Event Description: **** ALERT **** AntiVirus did not respond within expected time limit; CFEngine may have stopped responding; it will be stopped and restarted [EvProcess]
Event ID: 531
Event Source: Security
Event Type: -
Event Description: -
Comment: The WMI service could be the cause. To isolate the issue, please refer to the following steps:

1.     Please check whether winmgmt service is listed in the output of tasklist /svc.
2.     If it is included, please restart the winmgmt service to see whether the event 531 is generated again. If so, the issue is caused by winmgmt. Please refer to the following steps to recompile SCM.MOF file:

1) Log on as an administrator.
2) From a command prompt, enter "at [time] /interactive cmd.exe", where [time] is some time in the near future.
3) Switch to the new command prompt that launches.
4) Change to c:\windows\system32\wbem.
5) Execute "mofcomp scm.mof”.

3.     If the root cause is not winmgmt, please restart the services listed in tasklist /svc Index: 56

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.