How to configure Cisco Security Agent (CSA) version 4.0 to permit the install user to stop CSA agent processses

Document

Jun 22, 2009 4:13 PM
Jun 22nd, 2009

Resolution

Determine if there is any explicit statement that permits this user state to disable the Cisco Security Agent (CSA) processes.

Although the combination of User State != (NOT equal to) install user and a deny action implies that install user is permitted, the system requires an explicit permit statement.

To construct a rule to explicitly permit this user state to make this change, perform these steps:

  1. Change the user state from Users Matching: All  But Not:  *\installuser to  Users Matching: *\installuser.
          
  2. Re-name the user state to InstallUser (so that it reads more logically).

  3. Ensure that The Rule Action = Allow "attempt to disable agent security is checked.

Re-test the rule.

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 22, 2009 at 4:13 PM
Stats:
Comments:0 Avg. Rating:0
Views:2070 Contributors:0
Shares:0

Related Content

Documents Leaderboard