What are the requirements to collect process data using the WMI collection method with the Guest Process Investigation (GPI) cartridge?
Windows Management Instrumentation (WMI) allows for management, control, and monitoring of systems in your enterprise. The Cartridge for Guest Process Investigation uses WMI to connect to virtual and physical machine hosts to collect process metrics. The following information must be taken into consideration when using WMI with the Cartridge for Guest Process Investigation:
You must have a local or domain administrator’s account to collect process data.
You cannot use WMI with the Cartridge for Guest Process Investigation to collect metrics through a firewall. You must turn the firewall off to collect metrics or use WinRM.
The WMI collection method may require that the Remote Registry service be running on the target host. Some versions of Microsoft Windows (most commonly Vista) do not enable this service by default. It is recommended that you verify this service is running and configured to start automatically.
Note: If the Remote Registry service is started after attempting collection, you must restart FglAM before the collection will be successful.
Some access restrictions on Windows Server 2008 R2 limit access to certain areas of the registry, which prevents the Guest Process Agent from collecting data. Please refer to SOL66822.
It may also be necessary to turn off UAC (User Account Control) on Windows 2008 and above platforms.
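The requirements above can be checked on a target host before the agent is configured. The following Windows PowerShell function is an added example, not part of the cartridge or its documentation; the function name Test-GpiWmiPrerequisites is hypothetical, and it assumes it is run locally on the target host. It only reads state and changes nothing.

```powershell
# Added example (hypothetical helper): read-only preflight check for the
# WMI collection requirements listed above. Run locally on the target host
# in Windows PowerShell.
function Test-GpiWmiPrerequisites {
    # Administrator check: true only when this session's token holds the
    # local Administrators group (with UAC on, that means an elevated session).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Remote Registry service: current state and start mode.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'"

    # Windows Firewall state per profile, read from the local policy keys.
    # Settings enforced by Group Policy are stored separately under
    # HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall and are not read here.
    $fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $fw = @{}
    foreach ($name in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $value = (Get-ItemProperty -Path "$fwRoot\$name" `
                    -ErrorAction SilentlyContinue).EnableFirewall
        $fw[$name] = if ($null -eq $value) { 'unknown' }
                     elseif ($value -eq 1) { 'on' }
                     else { 'off' }
    }

    # UAC: EnableLUA = 1 means User Account Control is enabled.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue).EnableLUA

    New-Object PSObject -Property @{
        IsAdministrator         = $isAdmin
        RemoteRegistryState     = $svc.State       # e.g. Running / Stopped
        RemoteRegistryStartMode = $svc.StartMode   # e.g. Auto / Manual / Disabled
        FirewallDomain          = $fw['DomainProfile']
        FirewallPrivate         = $fw['StandardProfile']
        FirewallPublic          = $fw['PublicProfile']
        UacEnabled              = ($lua -eq 1)
    }
}

Test-GpiWmiPrerequisites | Format-List
```

Keep the output with the change record for the host, so that any firewall or UAC setting altered for collection can be compared against its original state.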