Cisco Support Community

New Member

Exception Rule wizard

Events in CSA MC for agents show system state along with details, rule & wizard. What does system state mean?

When I follow the wizard to create an exception rule, when I click finish it gives an error "see csamclog.txt for details". I checked the log file and it shows

"[PID=3800] [webadmin]: {Invalid network interface specification Broadcom NetXtreme Gigabit Ethernet.<br> Expected components for wireless interfaces (separated by backslash characters): type, mode, encryption, SSID.<br> Expected components for PPP interfaces (separated by backslash characters): interface type, device type, device, remote computer.<br> Expected components for other interfaces: type, name.} {Invalid network interface specification VMware Virtual Ethernet Adapter for VMnet1.<br> Expected components"

  • Intrusion Prevention Systems/IDS
2 REPLIES
Blue

Re: Exception Rule wizard

System state is used to apply additional rules to a host and is usually set when a "set" rule is triggered.

An example is "Untrusted Rootkit Detected".

If the Kernel Protection rule detects a driver loading dynamically that it doesn't recognize as trusted, it applies the "Untrusted Rootkit Detected" system state to the host.

It then activates the "Rootkit lockdown module" dynamically which prevents the host from communicating as a client or server.

The system state must be reset from the MC and should be done after you've made an exception (for a false positive) or disinfected the machine.

Not sure why the wizard was giving you errors unless it didn't recognize the network interfaces discovered.

You should be able to view all your network interface variables under:

Configuration > Variables > Network Interface Sets

Tom

New Member

Re: Exception Rule wizard

Hi there,

Also be careful.

CSA Shims don't install on the VMware server when installing on one of the hosts; I ran into a small problem with this.
