CSA 5.2 and SAS Institute problem

Unanswered Question
Mar 28th, 2008

I have read in the book ”Advanced Host Intrusion Prevention with CSA” some applications , CSA can , at times look like a debugger trying to interfere with the licenseing code, and some crash.


You can work around this situation by implenting a simple policy changes that adds the application in question to the builtin CSA application class called <Processes Requiring Kernel Only Protection>. Subsequent runs of that application do not trigger this particular issue, and the application is allowed to run correctly.


But how could I add a application to the builtin CSA application class called <Processes Requiring Kernel Only Protection> ?


We have a problem with SAS institute


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
tsteger1 Fri, 03/28/2008 - 09:51

Create an application control rule that triggers whenever "any application" tries to run "SAS institute"


Set it to take the action "add new process to application class" and add it to the dynamic application class "processes requiring kernel only protection".


Tom



Actions

This Discussion