How to configure Cisco Security Agent (CSA) version 4.0 to permit the install user to stop CSA agent processses


Nov 18, 2009 6:23 PM
Jun 22nd, 2009


Determine if there is any explicit statement that permits this user state to disable the Cisco Security Agent (CSA) processes.

Although the combination of User State != (NOT equal to) install user and a deny action implies that install user is permitted, the system requires an explicit permit statement.

To construct a rule to explicitly permit this user state to make this change, perform these steps:

  1. Change the user state from Users Matching: All  But Not:  *\installuser to  Users Matching: *\installuser.
  2. Re-name the user state to InstallUser (so that it reads more logically).

  3. Ensure that The Rule Action = Allow "attempt to disable agent security is checked.

Re-test the rule.

Overall Rating: 0 (0 ratings)


Login or Register to take actions

This Document

Posted June 22, 2009 at 4:13 PM
Updated November 18, 2009 at 6:23 PM
Comments:0 Overall Rating:0
Views:2088 Contributors:0

Related Content