- Gold, 750 points or more
Determine if there is any explicit statement that permits this user state to disable the Cisco Security Agent (CSA) processes.
Although the combination of User State != (NOT equal to) install user and a deny action implies that install user is permitted, the system requires an explicit permit statement.
To construct a rule to explicitly permit this user state to make this change, perform these steps:
- Change the user state from Users Matching: All But Not: *\installuser to Users Matching: *\installuser.
- Re-name the user state to InstallUser (so that it reads more logically).
- Ensure that The Rule Action = Allow "attempt to disable agent security is checked.
Re-test the rule.