i have a customer who uses WMI method of polling a few servers. the servers have auditing success & failure of the "Sensitive Privilege Use" category, which includes the privilege SeBackupPrivilege
the polling causes Security Event Log to fill with enormous amounts of Event ID 578 (success use of the SeBackupPrivilege) being generated by the domain uid used to do the polling.
anyone know why this polling through WMI invokes the use of this privilege?