Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CISCO SECURITY AGENT unmanaged on CM !

Is their any way to find out what polices the CSA is using to mitigate attacks with the unmanaged client?

Or this feature only available with the mangemnet console i.e setting polices ?

If thats the case

Is their any thing "polices"that can be configured with the unmanegd client ?Or can we veiw current policies.

Also I'm seeing events similar to the ones below in the csa log,after NMAP scans of CCM Buth dont seem to be seeing/getting events in the pop-up box or event viewer log.

It appears the CSA unmanged client is designed deployed "unmanged" as a one trick pony.

And to get excited we need the mangment centre for policy controll.

And therfor events/attacks will not be shown in the CSA message box.

I tried to probe scan and copy files to the CCM to excite the Message box to display messages and asess their validity.but nothing popped.

I do get

Text log displays messages : )

2003-11-18 16:16:51.108,Warning,"There were 18 IP packets dropped in the last minute due to NetShield policy enforcement. Source addresses included X.X.X.1. If this message occurs frequently, then your systems may be under attack or are being probed.","FIREWALL_DROP_SUMMARY","","",,,,,,,"",,"(

In conclusion what are the default policies for unamnged client(Just logging warnings that we may be under attack from suspicous behaviour) as it is obviously "DOING A little"

1 REPLY
Bronze

Re: CISCO SECURITY AGENT unmanaged on CM !

Yes, there is an xml file that comes with the client, and is there so that you can import the xml file into your VMS server, and manage your CM's centrally.

77
Views
0
Helpful
1
Replies
CreatePlease to create content