Channel: Symantec Connect - Critical System Protection - Discussions
Viewing all 278 articles

Console CSP 5.2.8 MP4 on ESXI, Hyper-V?

I need a solution

Can the console be installed on a Windows 2008 system virtualized on Hyper-V or ESXi?


SCSP Agent won't start after server reboot

I need a solution

I'm running 5.2.8.264 on the console and the agent.  We have a null policy on IPS (primarily using IDS). 

The agent has been installed on our primary domain controller (Server 2008 R2, physical server).  It's been running fine for months. We rebooted the server and now the IDS agent won't start.  The specific error from the event log is as follows:

"Faulting application name: SISIDSService.exe, version: 5.2.8.264, time stamp: 0x4f6240e0

Faulting module name: RPCRT4.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba59

Exception code: 0xc0020043

Fault offset: 0x0005cd99

Faulting process id: 0x1d8

Faulting application start time: 0x01cd6955144d962f

Faulting application path: C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IDS\bin\SISIDSService.exe

Faulting module path: C:\Windows\syswow64\RPCRT4.dll"

 

I've uninstalled and reinstalled the agent.  When I do this, the agent runs just fine until we reboot the DC, at which point it fails to start and throws the above error. 

 

Any ideas would be appreciated!

Thanks....


SCSP Query

I need a solution

Hi,

I am creating Groups for SCSP and I want to run a query for a report on a specific group. Has anyone done this, if so how?

Regards

Gary

Configure SCSP as Active & Standby

I need a solution

Hi all

Can anyone tell me if I can set up the SCSP management console as Active and Standby?

If so, please tell me how.

Many thanks

CSP agents that log to two databases at the same time?

I need a solution

Wondering if something like this is possible? I have an environment consisting of 100 or so Solaris agents, sprinkled with Win2k3 and Win2k8 agents. I have two ops centers, both having oversight over the entire architecture. Both ops centers have a full CSP manager instance installed, with its own SQL database. My boss would like to have all agents report to both databases at the same time - independent of the databases themselves (no database sharing). Is something like this possible? I know that each agent can only talk to one database. I was thinking of tweaking the Solaris installs to run two agents, each pointing at a separate database, but I don't know how I would do it with the Windows agents.

 

Has anyone tried something like this before?

 

Thanks...

CSP and Endpoint Protection best practice

I need a solution

Clearly there are areas where EP and CSP overlap. We currently use EP and are looking at CSP. We currently install most features of EP excluding the email scanning. Is there any guidance on whether both products will exist happily on the same machine? Should we for example uninstall the IPS features in SEP when installing the CSP agent? Is there any best practice around both products being installed on the same machine?


Critical System Protection and Linux auditing

I need a solution

Linux uses the audit.rules file to determine what files get audited. CSP uses the Unix or Linux template to determine auditing. Does CSP parse /var/log/messages and /var/log/secure in any way? How does CSP get its audits: from the audit.rules daemon or some other way?

Here is the issue. We have a DISA STIG requirement to audit a boatload of data, which is filling up audit logs rather quickly. If CSP was independent and captured the same audits, we could turn off the audit daemon in Red Hat and just use CSP's built-in audit templates.

 

Part II of the question:

Does anyone know of an updated Linux template similar to the unix baseline detection? The unix baseline detection has files and folders which do not exist in Redhat linux.

 

V/R

About Computer Security

I need a solution

Why is it so important to embrace https and leave http behind?


AM I SAFE NOW OR SINCE THE ADAPTER SETTINGS AND FIREWALL SETTINGS HAVE BEEN CHANGED ...MY SECURITY IS COMPROMISED !!!

I need a solution

 

IPS Alert Name: Web Attack: Blackhole Toolkit website 21
Attacking computer : 116.203.96.89, 64006
Attacker URL : www.mandalay.longmusic.com/main.php?page=588ec4e4ea3b00d8
Source Address: 116.203.96.89
Traffic Description: TCP, Port 64006
 
Category : Firewall - Network and connections
1)IP address has disappeared from adapter mts internet and is no longer being protected (IP address:.......)
2)IP address has disappeared from adapter Microsoft 6to4 Adapter and is no longer being protected (IP address:.......)
 
This happened whilst browsing and the attack was resulted from - within the Apple Safari Browser's Webkit2webprocess.exe
 
 
 
AS A RESULT NORTON 360 IS SHOWING THIS HAS BEEN DONE, BUT I HAVE NOT DONE ANY CHANGES MYSELF TO THE FIREWALL RULES. YET IT IS SHOWING THE FOLLOWING....PLEASE ADVISE....
 
 
Program Name: Local Security Authority Process
Program Path: C:\Windows\System32\lsass.exe
Default Action: No Action Required
Action Taken: User Configured rules
Local Computer: 0.0.0.0,49154
Traffic Description: Inbound Tcp, port 49154
Details: You created firewall rules to manage how Local Security Authority Process accesses your network resources.
 
Program Name: Local Security Authority Process
Program Path: C:\Windows\System32\lsass.exe
Default Action: No Action Required
Action Taken: ALLOW
Local Computer: ::0,49154
Traffic Description: Inbound Tcp, port 49154
Details: You ALLOWED Local Security Authority Process TO access your network resources.
 
 
HERE, I DID NOT ASK OR ALLOW THE COMPUTER TO ACCESS ANY NETWORK RESOURCES. HOW COME IT IS SHOWING IT IS ALLOWING ACCESS?
 
PLEASE ADVISE.....ASAP......WOULD APPRECIATE THE EARLY REPLY, THANKS.
 
SUNIL
 

SCSP IPS - Unblock RDP functionality

I need a solution

Hello,

 

I'm currently working on developing a new IPS policy based on the sym_win_protection_strict_sbp policy and have had the policy applied with prevention disabled to profile known applications.  I did not detect anything which would block RDP access once enabled with an error on the agent machine of 'The Local Security Authority could not be contacted'.

When connecting to the agent machine using RDP a prompt appears for authentication but then the error is received. The strange thing is there is no obvious information in the logs to identify the processes and rule type which is preventing this.

Can anyone advise?

Thanks

 

Sean.

Critical System Protection Suite

I need a solution

Hi,

 

We are about to implement CSPS. Try as I might, I cannot find up to date admin and installation guides. They all refer to Win XP and Server 2003 as well as P4 processors. This can't be right. Can you please point me in the right direction to download latest guides for this application.

 

Tks,

Guy

Issue installing CSP

I need a solution

I'm trying to install CSP on 2008 R2 SP1 with SQL 2008 R2 Express as documented here: http://www.symantec.com/connect/articles/how-install-scsp-microsoft-sql-server-2008-r2-express-edition

The install keeps failing with Database Population Failed.

Looking at the LoadBinaryTables.log I see we keep getting this:

Connection error:
java.sql.SQLException: Unable to get information from SQL Server: morbier.
 at net.sourceforge.jtds.jdbc.MSSqlServerInfo.<init>(MSSqlServerInfo.java:91)
 at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:263)
 at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
 at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:178)
 at java.sql.DriverManager.getConnection(DriverManager.java:525)
 at java.sql.DriverManager.getConnection(DriverManager.java:171)
 at com.symantec.sis.dbloader.Main.getStatements(Main.java:225)
 at com.symantec.sis.dbloader.Main.doLoad(Main.java:145)
 at com.symantec.sis.dbloader.Main.main(Main.java:56)

 

I've enabled remote access/TCP in SQL server and have used a complex enough password. Does anyone else have any ideas?

 

Monitoring journal-logs in AS400 using SCSP

I need a solution

Hi all,

I would like to know whether anyone has come across an SCSP scenario for monitoring AS400 journal logs. All the documents available point to syslog, but not to journal logs using a virtual agent.

Has anyone come across this scenario before, as we are deploying SCSP for AS400 to do FIM?

 

Thanks in advance.

ALEX.

How to reset symadmin password?

I need a solution

How to reset symadmin password? I tried to search support site, but nothing available.

Any idea?

Thanks. 


Failed to resolve remote host when adding ESXi to collector

I need a solution

 

Hi, I got below error when adding the esxi host, any idea?
 
Using default protocol https for the host esxi-5.
Using default port 443 for protocol https for the host esxi-5.
Server version unavailable at 'https://esxi-5:443/sdk/vimService.wsdl' at /usr/lib/perl5/5.8.8/VMware/VICommon.pm line 545.
 
 Adding ESXi Host Information . Please wait...
New entry added successfully
 
Configuring ESXi Host esxi-5 for Syslog forwarding. Please wait...
 Failed to resolve remote host: 192.168.253.212\
ESXi Host esxi-5 is added.
 
I'm using RHEL 5.5.
Thanks. 

SCSP Agent service failed to start after vmware tools upgrade

I do not need a solution (just sharing information)

Looking to see if others have experienced this issue.

Last week, our organization went through a series of vmware tools upgrades. After the upgrades, all of the vm guests that had the csp agent on them were reporting back to the console with a red status.

The agent health is set to go yellow after 8 hrs and red after 24 hrs. When investigating as to why (and I have limited access within the domains but do have local admin on a few boxes) the only commonality I discovered was that the sisipsservice wasn’t running (obviously) and that vmware tools was upgraded.

The obvious thing was to run a “sc \\servername start sisipsservice” within the domain to get all the agents started back up, but I am still unsure as to why the agents all failed.

If any others experience this, let me know.

Cheers,

Unable to install SCSP on Server.

I need a solution

Hi,

We are trying to install SCSP version 5.2.8, but during installation we are getting an error like "MDAC 2.7 SP1 and above version is required".

This server already has some applications on SQL Server 2005 and we need to create one instance on it.

Please Suggest as soon as possible.

Configuring Data Collectors for more than one service account in the same Domain?

I need a solution

CCS 10.5.1 Windows 2008R2

I have a domain in which the service account that we configured the Query Engine access for is a domain admin. We have a master and slave QE in that domain.

We have a new scenario in which we have a handful of newly built servers which only certain individuals can access. This being said, our domain service account has not been granted access to these new servers. Hence, we need to create a new account, which may or may not be a domain admin, and grant this new account local administrative access on these new servers so that only the privileged individuals can access these new servers.

I then need to configure bindview to be able to scan these new privileged access servers in the same domain that we already have configured with our domain admin service account. Is anyone aware of a scenario in which a domain query engine can be configured to allow multiple accounts/credentials access to scan the domain? The only other scenario I could think of would be to install two master query engines in the same domain; however, I am not sure if that is even supported.

 

 

Cannot delete policy folder from workspace

I need a solution

We have a new install of 5.2.9 and for some reason a folder in the policy workspace cannot be deleted. It has no policy in there but throws an error message of 'unable to delete a non empty policy folder'. Is there any way to delete this folder from the workspace?

Archiving (backup) CSP Logs

I need a solution

I am running CSP 5.28 and need a solution to archive (backup) the audit logs weekly.

This requirement is derived from a system hardening guide from DISA. I basically need to backup the events on the CSP server every week.

So far I have not seen how to do this task. Next week we are deploying this server and really need a hand.

I would like CSP to do the following:

1. Backup all the current logs each week

2. If the log file exceeds a set size, then backup the audit log and then clear the events.

Any help is greatly appreciated.

 

V/R

Derek
