We're in the process of migrating from 4.5.6139 to 5.2.0225; thus far, the migration is going extremely well - with one bizarre issue haunting my sleep.
I started seeing this behavior about 2 weeks ago, on machines that (so far as I can determine) have not had any changes made (ie, the latest round of Windows Updates have not been applied, the machines are tightly controlled, no software has been installed). It also impacts some machines running CSA 4.5.6139.
However, it does not impact ALL machines - only we have a couple machines that are not impacted.
Versions of Outlook include 2000 and 2003; all machines are Windows XP Sp2, current with patches with the expcetion of August 2007 batch.
Scenario: user opens an e-mail, and right clicks on an attachment to save it. When the common dialog control for saving as comes up, the "My Computer" icon is missing - replaced with the "blank" generic Windows icon, and CSA triggers rule 576, saying that Outlook.Exe attempted to access Explorer.Exe, and was denied.
Additionally, the machine might display more icons as blank: for example, one of our admins has the ASA ASDM Launcher on his desktop, and that shows up with a blank icon in the save as dialog, and Rule 576 is triggered with "Outlook attempted to access ADSM.exe and was denied."
In attempting to get a handle on this issue, I have put the entire "Untrusted Classification Content Module" into test mode, reset the agent on a test machine, and still rule 576 is triggered - which strikes me as bizarre, if I understand the triggering conditions correctly.
Anybody have any thoughts?
This is not a showstopper, but I'm concerned because I don't understand why this rule has started to get triggered when we have made no change to our environment.