Re: CSA 4.5 and SMS

mbarasch · ‎06-06-2005

Is there a way in the new CSA 4.5 to allow anything to run on a client PC if it came from a specific server? We have a SMS server that needs to be allowed to run whatever it needs to on all our computers. I saw under system state there is a 'network address ranges' but I'm not sure if this would do it or not.

tsteger1 · ‎06-06-2005

We have specific servers that are allowed to connect to hosts and/or run network services on certain ports and we used the network address ranges to make the exceptions.

Hope this helps...

Tom

mbarasch · ‎06-07-2005

I was told yesterday that the network address ranges under a System State rule applies to the ip address that's running on the client. Is this correct? I need it to apply to server that is trying to run the application or network service on the PC that has the agent running.

tsteger1 · ‎06-07-2005

That's correct but that's not where you would create the rule.

The system state sets define when a system is more or less vulnerable or on a particular network, etc...

What you need to do is identify what SMS actually does and then create rules to allow it. Then you can limit where the SMS contact comes from if you want to.

Tom

nrmdcs · ‎06-07-2005

We also run SMS, and have a File Access Control Rule that allows the Scanwrapper.exe located at @system\CCM\** to prety much do anything it wants.

It seems like Scanwrapper.exe is the initiating process that starts SMS off.

Hope this helps.

Regards

Brad Foy