We had a CSA MC version 188.8.131.52 and because of the increasing size of Windows 7 machines I have upgraded the system to version 184.108.40.206.
The installation went just fine, there wasn't any problems. I created a scheduled upgrade for the hosts and tested it at the night of the upgrade on a few PCs that the agent upgrade is working as it should.
On the next day the clients upgrade the agent to the new version but after a reboot the windows did not come up.
I have made some basic troubleshooting steps but the windows on the PCs where the agent already upgraded wont start. It stuck at applying computer settings. Doesnt matter if it is a XP or Win7.
We are not using the Antivirus functions of the CSA but we are using NOD32 antivirus. I found out that if the NOD32 is removed from the client the new version of CSA is running fine, and there is no problem with the PC at all. If I install the NOD32 and reboot the PC it wont come up.
- before the upgrade we already had the NOD32
- we have the same policy what was before the PCs are in the same groups
- tried making a new agent KIT and install it individually to the PCs, but the same issue
- the "all Windows" group cotains only 220.127.116.11 version policies
Could you please advise that what is going on in our system? Why the NOD32 wasnt a problem before the upgrade for more then 1,5 years now? And why it is a problem now?
Can you check and see if you have the policy "Base - digital signing of downloaded executables" associated with these devices ? If so, can you disable the 2 rules within this policy, generate poll and test.
If this does not resolve the issue, then it really is a matter of disabling rules to try and find the culprit. I would typically do the following:-
1: Create an empty group in test mode and attach that as the only group to a test PC and see if that resolves the issue. If so, then it is definitely a rule issue.
2: Clone all groups affected and attach to the test PC. Check issue persists.
3: Remove half the groups and test and do this to isolate the group.
4: Remove half the policies from that group and test to isolate the policy.
5: Remove half the rule modules from that policy and test to isolate the rule module.
6: Remove half the rules from that rule module and test to isolate the rule.
7: Once you have the rule you can either live with it disabled or open a tac case to investigate further.
ProblemTaking a snapshot of ISE virtual machines is not supported but it still happens occasionally due to administrators taking a snapshot manually or an integrated technology that automatically takes snapshots to back up VMs. When taking a snapsho...
Hi all, Is it available on Stealthwatch 7 Client or web interface the ability to import the Netflow Exporters names? I found only the possibility to configure manually the name of each Netflow Exporter, but not a bulk configuration.
User Experience Enhancements
As part of Cisco Customer Experience program, we are working towards a more uniform user experience and terminology harmonization. This program runs across all Cisco security products.
We are ali...
Join us on Thursday, October 10 at 10 am PT to meet the CEO and Founder of Cisco's most recent security investment.
In today’s cybersecurity arms race, how does Cisco stay one step ahead in the battle against attackers? One key strategy is keeping tabs on...