07-10-2007 01:52 AM - edited 03-10-2019 03:41 AM
Events in CSA MC for agents shows system state along with details,rule & wizard. Why does system state mean?
When i follow the wizard to create an exception rule,when i click finish it gives an error "see csamclog.txt for details".I checked the log file it shows
"[PID=3800] [webadmin]: {Invalid network interface specification Broadcom NetXtreme Gigabit Ethernet.<br> Expected components for wireless interfaces (separated by backslash characters): type, mode, encryption, SSID.<br> Expected components for PPP interfaces (separated by backslash characters): interface type, device type, device, remote computer.<br> Expected components for other interfaces: type, name.} {Invalid network interface specification VMware Virtual Ethernet Adapter for VMnet1.<br> Expected components"
07-10-2007 01:51 PM
System state is used to apply additional rules to a host and is usually set when a "set" rule is triggered.
An example is "Untrusted Rootkit Detected".
If the Kernel Protection rule detects a driver loading dynamically that it doesn't recognize as trusted, it applies the "Untrusted Rootkit Detected" system state to the host.
It then activates the "Rootkit lockdown module" dynamically which prevents the host from communicating as a client or server.
The system state must be reset from the MC and should be done after you've made an exception (for a false positive) or disinfected the machine.
Not sure why the wizard was giving you errors unless it didn't recognize the network interfaces discovered.
You should be able to view all your network interface variables under:
Configuration > Variables > Network Interface Sets
Tom
07-11-2007 06:02 AM
Hi there,
Also be careful.
CSA Shims don't install on the VMware server when installing on one of the hosts, I ran into a small problem with this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide