Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
5
Helpful
3
Replies

CSA 5.2 and SAS Institute problem

Rene Rolsted
Level 1
Level 1

‎03-28-2008 06:29 AM - edited ‎03-10-2019 04:02 AM

I have read in the book ”Advanced Host Intrusion Prevention with CSA” some applications , CSA can , at times look like a debugger trying to interfere with the licenseing code, and some crash.

You can work around this situation by implenting a simple policy changes that adds the application in question to the builtin CSA application class called <Processes Requiring Kernel Only Protection>. Subsequent runs of that application do not trigger this particular issue, and the application is allowed to run correctly.

But how could I add a application to the builtin CSA application class called <Processes Requiring Kernel Only Protection> ?

We have a problem with SAS institute

Labels:
0 Helpful
3 Replies 3

tsteger1
Level 8
Level 8

‎03-28-2008 09:51 AM

Create an application control rule that triggers whenever "any application" tries to run "SAS institute"

Set it to take the action "add new process to application class" and add it to the dynamic application class "processes requiring kernel only protection".

Tom

chickman
Level 1
Level 1
In response to tsteger1

‎03-30-2008 11:58 AM

Great explanation!

0 Helpful

tsteger1
Level 8
Level 8
In response to chickman

‎03-31-2008 09:09 AM

Thanks Christopher. Let's hope it works...

Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card