cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
617
Views
5
Helpful
3
Replies

CSA 5.2 and SAS Institute problem

Rene Rolsted
Level 1
Level 1

I have read in the book ”Advanced Host Intrusion Prevention with CSA” some applications , CSA can , at times look like a debugger trying to interfere with the licenseing code, and some crash.

You can work around this situation by implenting a simple policy changes that adds the application in question to the builtin CSA application class called <Processes Requiring Kernel Only Protection>. Subsequent runs of that application do not trigger this particular issue, and the application is allowed to run correctly.

But how could I add a application to the builtin CSA application class called <Processes Requiring Kernel Only Protection> ?

We have a problem with SAS institute

3 Replies 3

tsteger1
Level 8
Level 8

Create an application control rule that triggers whenever "any application" tries to run "SAS institute"

Set it to take the action "add new process to application class" and add it to the dynamic application class "processes requiring kernel only protection".

Tom

Great explanation!

Thanks Christopher. Let's hope it works...

Tom

Review Cisco Networking for a $25 gift card