01-16-2012 03:57 AM - edited 03-10-2019 05:35 AM
This is only for info.
I was pretty sure that the CSA even protected itself.
I assumed that the CSA did not give Symantec access to put the files that belong to the CSA in quarantine.
We have run CSA and Symantec AV for almost 6 years on all our workstations / laptops, running with CSA as behavioral protection and Symantec for AV protection.
Now Symantec has started SONAR in their version 12.1, a little like Cisco Sensor Base.
But now Symantec doesn't trust CSA; see my CSA log from CSA MC:
The 'Symantec AntiVirus' service logged event code 51 into the application event log:
Security Risk Found!SONAR.ProcHijack!gen1 in File: c:\program files\cisco\csagent\bin\leventmgr.exe by: SONAR scan. Action: Reboot Required. Action Description: The file was quarantined successfully.
I've now got the antivirus people, I believe, to trust CSA leventmgr.exe in Symantec.
01-16-2012 08:45 AM
I believe Cisco has abandoned CSA. It is no longer in CSM 4.x.
I usually had to turn it off to get any work on my CSM server done. Sorry to hear you still have to fight these battles.
I'm glad it's gone.
- Bob
02-01-2012 01:35 AM
I do not think that we've had major challenges with CSA.
It is complex and can be many things in the CSA.
I would still argue that no other endpoint protection is on par with Cisco Security Agent, but I am not happy that Symantec can put a CSA file such as leventmgr.exe in quarantine.