I have a customer running CSA in Testmode on a Citrix Server. When a user successfully starts a session on the Citrix server, CSA produces a message in the event log.
TESTMODE: The process '<remote application>' (as user xxxx\xxxx) attempted to modify a Cisco Security Agent resource Cisco Registry Key\Value: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\csahook\. The operation would have been denied.
Can someone explain what this message really indicates.
It means that if the client had been running the CSA Agent in "Live" mode rather than Test mode then the remote application would not have been allowed to modify a CSA resource.
You will see plenty of similar messages and your Value Add to the customer will be to work with them to decide which should be allowed and which should be denied. This is part of the testing and tuning of the CSA application that needs to be done at the beginning of every CSA implementation.
Sorry, I should have been more clear. I understand the "TestMode" part of the message. It's just not clear what is happening regarding the csahook message. The user isn't doing anything but logging into a Citrix session.
Because the user is logging in remotely, CSA sees it as a remote application and by default, they are not allowed to modify the registry. You could try creating an exception, but unless you have a local event to trigger it (login maybe?) you may open things up a bit more that you'd like. can be many things, not all of them benign.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...