
CSA rule for Application First Time Run

Unanswered Question
Sep 13th, 2006

A while back I created an Application Control rule as follows:


- Take the following action: Monitor

- when Current applications in any of the following selected classes: <First Time Application Execute>

- But not in any of the following selected classes: <none>

- attempt to run New applications in any of the following selected classes: <All Applications>

- But not in any of the following selected classes: <First Time Application Execute>


This rule isn't working as planned. I get a lot of repeat events. The help text for <First Time Application Execute> is "This application class includes the first invocation of any application which has never been observed to execute on this system." I'm wondering if that is reset after a period of time or a reboot.


I'm wondering if I have the classes backwards in my rule...


Also, in what scenarios are the "Add New Process to Application Class" and "Add Current Process to Application Class" actions best used?
