false positives with CSA
03-07-2005 03:55 AM - edited 03-10-2019 01:18 AM
CSA generates Warnings along the lines of:-
An unauthorized Network Component, 'NDIS Proxy' was detected registering with the system. The operation was permitted. Details Rule 424
An unauthorized Network Component, 'QoS Packet Scheduler' was detected registering with the system. The operation was permitted. Details Rule 424
Typically I get 4 of these per reboot on a number of systems; these systems are healthy and need NDIS Proxy and QoS Packet Scheduler etc. in order to work....
So I think these are false positives and would like them NOT to generate noise....
The problem is I don't want to turn off Rule 424 if it's needed, and I wonder how to work around the issue.
There seems to be no obvious way to stop the logging or exclude the applications in question; the only option is to enable/DISable the rule....
Any ideas or suggestions welcomed.
thanks
dave
- Labels: IPS and IDS
03-07-2005 12:27 PM
You don't need to disable it. Change the Sniffer and protocol detection rule to exclude those protocols.
Tom
