12-16-2005 08:00 PM - edited 03-09-2019 01:23 PM
I have a customer running CSA in Testmode on a Citrix Server. When a user successfully starts a session on the Citrix server, CSA produces a message in the event log.
TESTMODE: The process '<remote application>' (as user xxxx\xxxx) attempted to modify a Cisco Security Agent resource Cisco Registry Key\Value: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\csahook\. The operation would have been denied.
Can someone explain what this message really indicates?
Thanks
Scott
12-17-2005 02:47 PM
It means that if the client had been running the CSA Agent in "Live" mode rather than Test mode then the remote application would not have been allowed to modify a CSA resource.
You will see plenty of similar messages and your Value Add to the customer will be to work with them to decide which should be allowed and which should be denied. This is part of the testing and tuning of the CSA application that needs to be done at the beginning of every CSA implementation.
Hope this helps.
12-17-2005 04:40 PM
Sorry, I should have been more clear. I understand the "TestMode" part of the message. It's just not clear what is happening regarding the csahook message. The user isn't doing anything but logging into a Citrix session.
12-19-2005 11:37 AM
Because the user is logging in remotely, CSA sees it as a remote application and by default, they are not allowed to modify the registry. You could try creating an exception, but unless you have a local event to trigger it (login maybe?) you may open things up a bit more than you'd like.
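For the test-mode tuning discussed in this thread, the following added example (not part of any post above, and not Cisco's code) groups TESTMODE events by process, action and resource so repeated login-time hits can be reviewed as one decision. The pattern is derived only from the single message quoted in the question; the user names, sample lines and function names are constructed assumptions.

```python
import re

# Pattern derived from the one TESTMODE message quoted in this thread.
# Other CSA message variants are not covered (assumption).
TESTMODE_RE = re.compile(
    r"TESTMODE: The process '(?P<process>[^']*)' \(as user (?P<user>[^)]*)\) "
    r"attempted to (?P<action>\w+) a (?P<kind>.+?): (?P<resource>.+?)\. "
    r"The operation would have been (?P<verdict>\w+)\."
)

# Constructed sample lines: the thread's message with made-up user names,
# plus one unrelated line that must be ignored.
SAMPLE_EVENTS = [
    r"TESTMODE: The process '<remote application>' (as user LAB\alice) attempted to modify a Cisco Security Agent resource Cisco Registry Key\Value: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\csahook\. The operation would have been denied.",
    r"TESTMODE: The process '<remote application>' (as user LAB\bob) attempted to modify a Cisco Security Agent resource Cisco Registry Key\Value: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\csahook\. The operation would have been denied.",
    "The service entered the running state.",
]


def parse_event(line):
    """Return the fields of one TESTMODE message, or None if it does not match."""
    m = TESTMODE_RE.search(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Group would-have-been-denied events by (process, action, resource)."""
    groups = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        key = (ev["process"], ev["action"], ev["resource"])
        g = groups.setdefault(
            key, {"count": 0, "users": set(), "agent_resource": False}
        )
        g["count"] += 1
        g["users"].add(ev["user"])
        # The message text itself says when the target is an agent resource.
        g["agent_resource"] = ev["kind"].startswith("Cisco Security Agent resource")
    return groups


if __name__ == "__main__":
    for (proc, action, res), g in summarize(SAMPLE_EVENTS).items():
        tag = "agent resource" if g["agent_resource"] else "other"
        print(f"{g['count']}x {proc} {action} {res} [{tag}] users={sorted(g['users'])}")
```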