How to configure Cisco Security Agent (CSA) version 4.0 to permit the install user to stop CSA agent processses

Document

Nov 18, 2009 6:23 PM
Jun 22nd, 2009

Resolution

Determine if there is any explicit statement that permits this user state to disable the Cisco Security Agent (CSA) processes.

Although the combination of User State != (NOT equal to) install user and a deny action implies that install user is permitted, the system requires an explicit permit statement.

To construct a rule to explicitly permit this user state to make this change, perform these steps:

  1. Change the user state from Users Matching: All  But Not:  *\installuser to  Users Matching: *\installuser.
          
  2. Re-name the user state to InstallUser (so that it reads more logically).

  3. Ensure that The Rule Action = Allow "attempt to disable agent security is checked.

Re-test the rule.

Overall Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 22, 2009 at 4:13 PM
Updated November 18, 2009 at 6:23 PM
Stats:
Comments:0 Overall Rating:0
Views:2087 Contributors:0
Shares:0

Related Content

 

Documents Leaderboard

Rank Username Points
1
ciscomoderator
23
2
TCC_2
14
3
hardeep4u
12
4
PAWS
10
5
ITA Terms
8
Rank Username Points
ciscomoderator
5