How to configure Cisco Security Agent (CSA) version 4.0 to permit the install user to stop CSA agent processses

Document

Wed, 11/18/2009 - 18:23
Jun 22nd, 2009
User Badges:
  • Gold, 750 points or more

Resolution

Determine if there is any explicit statement that permits this user state to disable the Cisco Security Agent (CSA) processes.

Although the combination of User State != (NOT equal to) install user and a deny action implies that install user is permitted, the system requires an explicit permit statement.

To construct a rule to explicitly permit this user state to make this change, perform these steps:

  1. Change the user state from Users Matching: All  But Not:  *\installuser to  Users Matching: *\installuser.
          
  2. Re-name the user state to InstallUser (so that it reads more logically).

  3. Ensure that The Rule Action = Allow "attempt to disable agent security is checked.

Re-test the rule.


Loading.

Actions

This Document

Related Content