We are having problems with allowing the Numara Track-IT application, version 8.0, to operate correctly with CSA. The two features of the application we are attempting to use are Audit and Take Control. We can usually audit a host without trouble, but experience problems when we try to take control of the host.
In our attempts to allow the Track-IT application to function as it needs to, we have created the following:
1. Separate group that contains all hosts except the MC
2. Policy that contains a single rule module
3. Rule module with rules as follows:
- Allows Track-IT application class to read and write all files
- Allows Track-IT application class to access all registry keys
- Allows Track-IT application class to access all System APIs
- Allows Track-IT application class to run <All Applications>
- Allows Track-IT application class to act as server on all ports
- Allows Track-IT application class to act as client on all ports
- Allows Command Shell, MS Services, MS svchost, sysocmgr, winmgmt, wmiprvse, Recently Created Untrusted Content to run Track-IT application class
- Allows All Applications to run Track-IT application class
We have essentially copied creating a Dynamic Application Class from the Cisco Press book, Advanced Host Intrusion Prevention with CSA, pages 191-196. With all of that, we still cannot take control of the remote hosts. Nothing is logged in the CSA MC, and we receive messages from Track-IT such as "Software Push Failed", "Network Name Cannot be Found", or it just sits at "Waiting".
Any suggestions or assistance would be greatly appreciated.
We have been able to audit and take control with the Track-IT policy applied. We then added another policy, our standard Approved Applications class, and again we had success. We have now added the hosts to the Desktops - All Types (5.2.245) and are going to test again. I will let you know the results.
The good was that with repeated testing, we were able to successfully audit and take control of a few computers, and all was good.
The bad was that the next day, those same computers all had issues with CSA detecting explorer.exe as exhibiting potential virus behavior and terminating the process. We had all hosts in the Desktops - All Types group, which we believe to be the only group that would block anything.
I have not had an opportunity to check back. I should have something further on Monday.