Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

In CSA 4.5, multiple various apps injecting code into a single specific

In CSA 4.5, multiple various apps injecting code into a single specific process or application. Is there a way to stop <all apps> from injecting code into ONLY one specific application?

I have over 500 events a day as a System API block <all applications> from injecting code into a single specific process. The process (or app) is a Unix Emulation piece. It is called ReflectionX if anyone knows it.

It looks like there isn't a way to put in a HPDeny so that it will stop logging. I am not worried about it, however other security people here feel that it is in someway hurting the application. It is very strange that all these various apps are targeting this single process the most.

What does one do?

1 REPLY
Blue

Re: In CSA 4.5, multiple various apps injecting code into a sing

There really isn't a good way with this particular rule. If it is a finite list of apps trying to inject code into r1win.exe, you could create an app class and add it to the exceptions list that are allowed to do this. Not the best security practice especially if it includes apps like iexplore.exe, winword.exe, etc..

Another method might be to use a Dynamic Application Class. Set it up so that whenever Reflections does "X", all applications are allowed to inject code.

This would be a bit trickier since you have to analyse what causes the process in the first place and have it trigger the exception.

113
Views
0
Helpful
1
Replies