I was pretty sure that CSA even protected itself.
I assumed that CSA did not give Symantec access to put the files that belong to CSA in quarantine.
We have run CSA and Symantec AV for almost 6 years on all our workstations / laptops, running with CSA as behavioral protection and Symantec for AV protection.
Now Symantec has started SONAR in their version 12.1, a little like Cisco Sensor Base.
But now Symantec doesn't trust CSA; see my CSA log from CSA MC:
The 'Symantec AntiVirus' service logged event code 51 into the application event log:
Security Risk Found!SONAR.ProcHijack!gen1 in File: c:\program files\cisco\csagent\bin\leventmgr.exe by: SONAR scan. Action: Reboot Required. Action Description: The file was quarantined successfully.
On 5 workstations I've got this event, and the problem with this is that CSA is not very active. It still has its system state, but there is no log in the local log, no logs are sent to CSA MC, and CSA MC sees these PCs as inactive.
I've now got the antivirus people, I believe, to trust CSA leventmgr.exe in Symantec.