Cisco Support Community

New Member

CSA Config - Trojan Detection

I have an application class (anti-virus in this case) configured as an exception to the trojan detection policy, however it's not working. No matter what application class I exclude, it seems to be ignored. Seems to be a bug.

7 REPLIES
New Member

Re: CSA Config - Trojan Detection

Any update on this...would be helpful to all if you can post an update...thanks

Blue

Re: CSA Config - Trojan Detection

Would this be McAfee Antivirus and frameworkservices.exe by any chance? If so we are having a similar problem.

New Member

Re: CSA Config - Trojan Detection

Nope - Trend.

New Member

Re: CSA Config - Trojan Detection

Are you still having this problem? Is the "wizard" available in the event log? If so, have you created an exception using the wizard?

BC

New Member

Re: CSA Config - Trojan Detection

I seem to have solved it with multiple rule exclusions.

New Member

Re: CSA Config - Trojan Detection

Can you post how you did it? We are seeing "keystroke capturing alerts" from the trojan detection engine for

iexplore.exe

explorer.exe

nnotes.exe

frameworkservices.exe

and a few others

We have created exceptions but the alerts persist as if it's not recognizing the EXE file.

So when you say multiple rule exclusions, what exactly are you doing?

thx

Blue

Re: CSA Config - Trojan Detection

As long as you have those executables in an application class, you can add the application class to the exclusion list of each behavior in the trojan detection rule that triggers the event. If not, you need to create the app class first, then add it to the list. There are several of these rules assigned to different policies so you'll want to make sure you either change each rule for each policy or create one rule and copy it to the other policies. The wizard can help you get started as it can be pretty tricky trying to figure out which behavior is triggering the rule.

Hope this helps...
