CSA 6.0.1 Rules Which Have Been Removed But Still Trigger Alerts

Unanswered Question
Jul 29th, 2009

What is the rational behind rules which have been removed but still trigger events?

What is the Best Practice we should follow with them? Suppress?

We are talking about Rule 732 from the default configuration. It triggered an event for an application we later Whitelisted. Subsequently, we deleted the rule and now we still see the notices in our Events Log.

Anyone have an idea on a workaround?

Thank you in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pmccubbin Wed, 07/29/2009 - 10:13

I am thinking it is this bug:


File Access Control rule triggers incorrectly


User notices that a File Access Control rule triggers unexpectedly as the

file mentioned in the event was not supposed to be targeted by that rule.


This Discussion