-When <auto_ignore>no</auto_ignore> is set in ossec.conf, I would still expect to be able to ignore individual files with something like ./bin/syscheck_control -i nnn -d -f <filename>, but it does not ignore the file.

-When <auto_ignore>no</auto_ignore> is set in ossec.conf and the file has changed more than three times, syscheck_control reports that it is being ignored.

-Attempting to list a windows file by using the format of the filename in the alert does not work, unless the slash is escaped. For example, this does not work:

./bin/syscheck_control -i 005 -f C:\WINDOWS/system32/perfc009.dat

However, this does:

./bin/syscheck_control -i 005 -f C:\WINDOWS/system32/perfc009.dat

Perhaps OSSEC could internally escape the back slash.

Finally, it would be nice to also support the standard windows convention of using back slashes only when putting in a full path, and since back slashes cannot be in a filename, OSSEC could presume to escape or convert to forward slashes any that were found in the argument. That way, something like this would work: C:\WINDOWS\system32\perfc009.dat