04-15-2010 03:43 AM - edited 03-09-2019 10:55 PM
Hello!
Please help me resolve my problem, I`am testing CSA and when I try to translate word with Lingvo 12 press "Ctrl+C+C" or ''homing cursor mouse" nothing oocurs :-( I know this block Policies -
"Firewall - Centrally Managed (desktops)" something from this
Base - CSA client UI control Module to enable Cisco Security Agent client UI
Base - Network Application Classification Module Module to classify Network Applications
Security - Distributed Firewall - All Networks Prevent incoming server connections to Untrusted applications on all systems
Security - Distributed Firewall - Mobile Networks Prevent incoming server connections to All applications on all external systems
Security - IP Stack Hardening - Corporate Networks Module for hardening IP Stack on all internal systems
Security - IP Stack Hardening - Mobile Networks Module for hardening IP Stack on all external systems
Security - Network Worms Prevents Network Worms from exploiting network-facing services
Security - Network Worms (Medium or High Security Prevents) Network Worms from exploiting network-facing services when security level is Medium or..
Security - Remote Application Restrictions Prevent remote applications from making system modifications
Security - Signature-based protection - LPC-borne exploits Defend against LPC-borne exploits and DoS attacks
Security - Signature-based protection - MSRPC-borne exploits Defend against MSRPC-borne exploits and DoS attacks
Security - Stack recovery for critical services Recover stack for critical Windows service processes after fatal exceptions
But I don`t know what(
Regards
04-18-2010 02:05 PM
What does your log say on the csamc, any deny rules triggered related to Lingvo ?
Also, you should take a look in your local agent gui, look in the untrusted applications, if lingvo is in there, this could be the cause, normally because it as downloaded/installed via a webbrowser
04-21-2010 02:29 AM
Thank, Ian!
I find this log
The process 'C:\Program Files\ABBYY Lingvo 12\LvAgent.exe' (as user ToX1c1986) attempted to insert code ('C:\Program Files\ABBYY Lingvo 12\LvHook.dll') into another process. All processes were targeted. The operation was denied.
I find rule " 1300 Untrusted Apps (not White List), Inject code into every application" In White List I add "$Directories - Program Files [V6.0.1 r98]"
But! In my company CSA now in Audit Mode only my computer not, I`am testing and when I try generate rules I see
"Modify application class Administrator defined - White List Applications [W, V6.0.1 r98] (read-only override)"
read-only override - does it mean that all computers which in Audit Mode after generate this rule will not in Audit Mode anymore?
04-21-2010 02:37 AM
No, it is an indication of you changing a read only policy, you should not add the whole program files directory to white list that would be bad, also only add the offending application in the csamc white list feature , not in the application class "Administrator defined - White List Applications [W, V6.0.1 r98]", you should not modify built-in polcies unless absolutely unavoidable.
Jan
04-21-2010 02:53 AM
Jan, Thanks a lot!
I know tha is bad :-( But I don`t konow where csamc white lis.
Also, how can I canceled generate rule?
Jan, maybe this
Configuration - Global Settings - Application Trust Levels and add my Lingvo here?
04-21-2010 03:09 AM
Yes, that is where you should your own white listed applications, You can't cancel a generate, but if you remove the program files class where you added it, the new rules will be the same, and no change will be done to the agents. Of course if you add the lingvo app to the white list, it will generate a new policy, but it won't affect hosts that are in audit mode.
04-21-2010 03:47 AM
Jan, in this filed I see "created by administrator ADMIN via the wizard" where is this wizard? or I can create just push New and paste
"**\Program Files\ABBYY Lingvo 12\LvAgent.exe" ?
04-21-2010 03:51 AM
Could you post a screenshot ?
04-21-2010 04:01 AM
04-21-2010 08:07 AM
You can create new entries in the white list manually like you did, or use the wizard button when you find an event in the csamc that you wan't to create an exeption for, the wizard will give you the choice of white listing the application that triggered the event.
04-21-2010 09:45 PM
04-22-2010 06:59 AM
Looks strange, did you try to generate again, it might be a fluke incident. Dont think i got a priv msg from you.
04-23-2010 05:06 PM
Take a look at this post regarding the bulk insert error:
https://supportforums.cisco.com/message/930962#930962
Tom
04-27-2010 02:59 AM
Hello!
Thanks for your reply!
Unfortunatelly, my CSA MC work on Windows Server 2003 and MDAC not support it. I afraid to install MDAC 2.8 on my server. Also I have SQL 2005. Do you have any ideas how to resolve this problem?
04-27-2010 10:47 AM
My CSA 5.2 server is also Windows Server 2003 and has MDAC 2.8 SP2 and SQL 2005 installed.
I suggest you run the version checker available here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8F0A8DF6-4A21-4B43-BF53-14332EF092C9
The problems may be related if you cannot generate the rules without error.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide