We are currently on 2016.3 SU5 the agent on some systems are from 2016.
The event log is currently being spammed with Audit Failure messages.
Should this account automatically be remove once we upgrade the device to the latest agent or why this is occurring?
The below is message from a KB.
**In the 2016.3 SU3 and 2017.1 release, CBA_anonymous has changed and no longer creates a cba_anonymous account. We have started using local account and GPO/permissions are no longer needed. The account can be deleted and will not be added when the new agent is installed.**