03-28-2008 06:29 AM - edited 03-10-2019 04:02 AM
I have read in the book âAdvanced Host Intrusion Prevention with CSAâ some applications , CSA can , at times look like a debugger trying to interfere with the licenseing code, and some crash.
You can work around this situation by implenting a simple policy changes that adds the application in question to the builtin CSA application class called <Processes Requiring Kernel Only Protection>. Subsequent runs of that application do not trigger this particular issue, and the application is allowed to run correctly.
But how could I add a application to the builtin CSA application class called <Processes Requiring Kernel Only Protection> ?
We have a problem with SAS institute
03-28-2008 09:51 AM
Create an application control rule that triggers whenever "any application" tries to run "SAS institute"
Set it to take the action "add new process to application class" and add it to the dynamic application class "processes requiring kernel only protection".
Tom
03-30-2008 11:58 AM
Great explanation!
03-31-2008 09:09 AM
Thanks Christopher. Let's hope it works...
Tom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: