Disabled alert rule for Batch Logon. There is a report that is capturing this. The rule is still present and can be enabled.
Created override for Local Account Creation rules for domain controllers. While this didn’t appear in any testing, I was told that some security software can generate false positives for this one on domain controllers. Since DCs don’t have local accounts to begin with, I simply turned this off for domain controllers.
Fixed a bug with regsvr32 remote registration of DLL rule.
Added rules/discoveries associated with writeable locations in the OS. Note that there are three parts to this series.
Added a timeout as an overridable parameter to the SMB1 collection rule. The specified timeout of 60 seconds was causing failures in my lab. I upped this value to 300 seconds as the default setting.
Turned off registry monitor for WDigest settings. This was not needed in Server 2012/2016. With Server 2008 going out of support, I’ve disabled the monitor. It is still present if someone desires to use it.