CSA 5.2 on a Developer PC

Answered Question
Jan 21st, 2008

Hi There

I have a case where a customer needs me to build a custom policy for around 250 PCs with developer users on them. This ranges from Eclipse RAD to Prolog developers, and some mainframe people as well, and everything in between really.

Usually I give up upfront, since these types of people work in the most anarchistic ways, and most of the time with no systematic way of using their system... at least that's my experience.

Maybe someone has another experience with doing CSA policies for this type of user?

Correct Answer by didyap about 8 years 9 months ago

In CSA you can apply modules based on User States. Make sure you are running CSA 4.5.0 573 or the latest version of CSA 4.5.1 616 since 4.5.0 565 contained many bugs that did not allow User State rules to execute accordingly. You can find the documentation for the user states at:


jan.nielsen Sun, 01/27/2008 - 15:56

Thanks, I am well aware of the features of CSA; my point was that to some degree I was worried that managing these users would be a bigger job than the customer would accept.

tsteger1 Fri, 01/25/2008 - 15:50

We have about 160 GIS, Web, Java and IBM developers that use a variety of approved software tools and can usually be relied upon to introduce a few of their own.

They have a set of NAC rules to allow local VMs to act as servers to test new applications and allow servers to accept connections from them.

I also created policies for apps that cause the most alerts.

Are you going to support them after you build it? If not, they should have someone who understands it or it will be hard to maintain.


jan.nielsen Sun, 01/27/2008 - 15:59

Hi Tom,

So you are not seeing a lot of events from these systems? Unfortunately the customer is not willing to use VMs for testing; they are RDP'ing to machines that are being used both as their regular office machines and as development. That's why I initially was worried it would cause too many changes, and eventually offer little to no protection. I have actually run a few in TESTMODE for a few days now, and am not seeing a big load of events other than network server related stuff, which can be easily managed. Thanks for the replies.


tsteger1 Mon, 01/28/2008 - 10:20

Hi Jan, they are pretty quiet and they have almost the same protections as the rest of the hosts.

They are just allowed to run certain apps and connect to and be connected to from certain servers.


jan.nielsen Mon, 01/28/2008 - 14:04

Hi Tom,

That sounds good. Maybe I was a bit quick on the draw in my assumption that this would be massive work; it seems there is not much more tuning to do at the moment than for regular users, other than some server ports over 1024, which I am thinking of enabling for the AD group they are in, and binding to the directories that their developer tools are located in. Thanks...

PS: I created a small tool yesterday that can be used to display the system state (offline/online) type function of CSA. If anyone would like to try it please let me know. Right now it is set to look for the Security Level High/Low, but that can be changed in the ini file. It will then show a green CSA flag in the tray when you're "online" and a red one when you are "offline", and you can define other icons, and also the tooltip text when hovering over the icon.


tsteger1 Sun, 03/16/2008 - 22:11

Hi Jan, that tool sounds interesting.

I'd like to take a look.



