In CSA 4.5, multiple various apps injecting code into a single specific
In CSA 4.5, multiple various apps injecting code into a single specific process or application. Is there a way to stop <all apps> from injecting code into ONLY one specific application?
I have over 500 events a day as a System API block <all applications> from injecting code into a single specific process. The process (or app) is a Unix Emulation piece. It is called ReflectionX if anyone knows it.
It looks like there isn't a way to put in a HPDeny so that it will stop logging. I am not worried about it, however other security people here feel that it is in someway hurting the application. It is very strange that all these various apps are targeting this single process the most.
Re: In CSA 4.5, multiple various apps injecting code into a sing
There really isn't a good way with this particular rule. If it is a finite list of apps trying to inject code into r1win.exe, you could create an app class and add it to the exceptions list that are allowed to do this. Not the best security practice especially if it includes apps like iexplore.exe, winword.exe, etc..
Another method might be to use a Dynamic Application Class. Set it up so that whenever Reflections does "X", all applications are allowed to inject code.
This would be a bit trickier since you have to analyse what causes the process in the first place and have it trigger the exception.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...