I have a erro message which i get constantly from my Desktop when applying policeis through Cisco Security Agent 5.1
1: Rues for kit:Test_mode_Desktop_v18.104.22.168 have complexity 7551 which exceeds maximum 7500
his error is constantly showing up in the Management center running through microsoft explorer web browser
You have too many items in your installation and need to delete some to get below the 7500 item limit.
Have you applied any hotfixes? If so, you could delete the older items not being used.
You can also delete items associated with OSs that you aren't using to reduce the number.
Thanks, what do you mean i have to many items in my installations. No hotfixes applied as of yet.
What are these errors associated with ?
It means you have too many groups, rules, app classes, variables, etc..
You need to reduce the number of individual items registered in the database in order to process the rules.
Try to consolidate and/or delete unused items.
If you don't have any Solaris or Linux hosts, that would be a good place to start.
Once you fall below this limit, it will allow you to generate the rules.
HOw do i remove the linux groups, can i remove the test_mode_desktop for windows as well, were do i remove the app classes and variables from.
I initially went into alert kits and removed the Solaris but i still receive the same error. However it seems to be only for the Test_mode_Desktop for the windows rule. I'm some what confused how to proceed.
No fixes applied and i am not running R2 on my windows 2003 server.
I'm talking about deleting rules, variables, policies, etc, not agent kits.
DO NOT remove the test_mode_desktop kit.
If you are confused about how to proceed, you should probably either attend a two day HIPS class or get one of the Cisco Press or other good books available.
If you decide to proceed, make sure you have a good full system and database backup before you start.
I understand, however in your firat email you said that i had to many things in my installation, and that i should remove things that are associated the the OS's.
This not what you are saying in your last post, you are now saying cleanup my Rules, variables and policies. These are not all the same thing.
So please clarify.
When I refer to 'items', I'm referring to rules, variables, policies, groups, hosts, etc...
Go to the search page and search for
Some are applicable only to a certain OS (Solaris, Linux or Windows) and you can modify your search to find just those.
I was suggesting deleting items for OSs you do not have.
That's what you need to work on getting below 7500 in order to generate your rules.
The test_mode_desktop agent kit for Windows (and Linux) are the default agent deployment kits that're created when you install the MC.
If you deploy agents with it and then delete it, any agents that re-register with the MC won't know which groups they belong to so will belong to none.
These are the two books which Tom is suggesting you peruse:
âCisco Security Agentâ by Chad Sullivan. Publisher: Cisco Press, 2005
âAdvanced Host Intrusion Prevention With CSAâ by Chad Sullivan. Publisher: Cisco Press, 2006.
They have helped me on numerous occasions.
Hope this helps.
Thanks i will check them out.
I know this may be a stupid quesrtions however what is the puspose of the test_mode_desktop Kit anyway.
It's a good question so no worries.
The Test Mode Desktop Agent is an economizing device for rolling out CSA. It allows you to see how policies will effect your end users without negatively impacting them. Remember that in Test Mode the agent actively inspects but does not enforce rules.
You can easily begin a deployment with the Test Mode Agent and be fairly certain you are not going to have any issues. This is why I call it an economizing device as it saves you time and usually a lot of headaches.
Hope this helps.