Channel: Symantec Connect - Critical System Protection - Discussions

CSP for Server 2003 (Detection vs protection)

I do not need a solution (just sharing information)

Was thrown into a project for deploying CSP.

- how much traffic / bandwidth is used between clients and console

- what is the base detection policy that is used. Difference between detection / protection. 


Current Policy/Policy Prevention/Override State are unknown

I need a solution

Hello, sometimes our CSP agent goes to an unknown state. If you open the "Policy Monitor", you will see that the Current Policy/Policy Prevention/Override State are unknown, and the Policy Override is empty (the attached file Bad.png). The annoying thing is that you can't even use "C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin\sisipsconfig.exe" -r to change the policy to BUILTIN, cause we have to reghost our system.

After comparing with a good machine, we found that the file contents of agent.ini and fallback.ini under C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\driver seem to be damaged. So for a workaround we could start up Windows in safe mode and replace the agent.ini and fallback.ini. Then after rebooting the system, CSP works fine, the Current Policy/Policy Prevention/Override State show the correct values and "C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin\sisipsconfig.exe" -r could "stop" the policy.

Our customer is not very happy with this workaround as there are too many steps and we need to enter Windows safe mode. As we don't have a stable way to reproduce this case, I wonder what the root cause is or what operation would cause it, and whether there is a simpler way to recover CSP instead of going to Windows safe mode and replacing some configuration files.


Critical system protection

I need a solution

Hi,

Just wanted to know whether Critical System Protection is compatible with Windows OEM, like a customized OS, such as the Windows XP & Win 7 platforms.

Any help would be appreciated.

Thanks

Mustafa


SCSP Fatal Error while trying to open file error code 13.

I need a solution

Hi All

I have an event, the content is Fatal Error while trying to open file C:\Program Files\Symantec\Data Center Security Server\Agent\sdcsslog\_SISIDSEvents1180.csv, error code 13.

Why does it happen?

How can I fix it?

SDCS error

I need a solution

Hi,

Can someone help me with this error?

cap.png

Data Center Security: Server 6.6 Beta Invitation

I do not need a solution (just sharing information)

We are excited to announce the Beta of our upcoming release of Data Center Security: Server 6.6 which is scheduled for GA in later half of 2015. The goal of this Beta is to get your feedback, advice, and suggestions as we deliver software solutions to help with your security requirements.

We invite you to participate in our Data Center Security: Server 6.6 Beta program with first Beta release in late July 2015.  By participating in the Beta for Data Center Security: Server 6.6, by installing Data Center Security: Server Beta in a non-production part of your environment, you will have early access to some of the features highlighted.

Data Center Security: Server 6.6 will support agent-less anti-malware for workloads running on VMware vShield platform as an integrated offering. Additionally, Data Center Security: Server 6.6 integrates Operations Director with Palo Alto Networks, & Rapid 7 to orchestrate and automate real-time response to critical vulnerabilities or unauthorised server configuration changes.

Feature highlights:

  • Agentless anti-malware support for VMware vShield/vCNS (does not require VMware NSX) integrated with Symantec DeepSight for reputation technology.
  • Operations Director integration with Palo Alto Networks & Rapid7 NexposeVA to deliver automated real time response to critical vulnerabilities by applying quarantine controls using HIPS/HIDS or Firewall policies.
  • Network IPS now supports IPv6 virtual environment and ability to Black List & White List URLs.
  • New rule builder in Operations Director to codify security provisioning and threat response best practices.
  • Please refer to our Beta guide for many more updates and enhancements that are part of this Beta release.

To find out more, please sign up for the Beta program. Please apply for the Data Center Security: Server Beta program via SymBeta and select New User to begin the application process.

To participate in the Data Center Security: Server Beta with an onsite installation you must meet the following requirements:

  • To test vShield features — ESXi 5.5 U2 & vCNS/vShield Manager 5.1.4. (For exact details refer to our platform matrix guide that’s included in the software.)
  • To test NSX features — ESXi 5.5 U2 and above. Now with support for NSX 6.1.4
  • Submit feature requests and defect information via SymBeta forums prior to the key deadlines
  • Test key use cases for the product as documented in the Beta guide
  • Not be located in countries under international embargo / restricted access legislation (Cuba, Iran, North Korea, Sudan and Syria, Belarus, Cuba, and Russia)

To participate in the Data Center Security: Server Beta with our Hands On Lab hosted installation you must meet the following requirements:

  • 5+Mbps (or faster) internet connection
  • Chrome 33, Firefox 27 , Internet Explorer 10 (or later versions)
  • Submit feature requests and defect information via SymBeta forums prior to the Beta deadlines
  • Test key use cases for the product as documented in the Beta guide
  • Not be located in countries under international embargo / restricted access legislation (Cuba, Iran, North Korea, Sudan and Syria, Belarus, Cuba, and Russia)

As we continue to work towards our release, we plan to announce another Beta in early September for Data Center Security: Server Advanced 6.6 with additional features running in our Hands-On-Lab Cloud hosted environment. Please stay tuned for more details and requirements that will be coming soon.

We look forward to your feedback and are excited you will test our new release,

Data Center Security Beta Team

Dcs66_Beta@symantec.com

Unable to login to Data Center Security Server Manager console

I need a solution

I saw this old post and I am having the same problem, although it appears to be the Symantec Data Center Security Server Manager Service that is not running.  Every time I restart the service it stops after 30 seconds.  When trying to login via the console the following error message appears 'cannot open database "SCSPDB" requested by login.  The login failed.'  Also when checking the event logs on the SCSP server, there is a Java Virtual Machine error (with a code of -1 as stated below by Chuck) for the SISManager.  When I check the event logs on the SQL server there are failure audits, Source: MSSQL$SCSP, Event ID: 18456, login failed for user 'SCSPDBA' (Client:*.*.*.*).  I'm no SQL or SCSP guru, our usual tech is on holiday so any help would be greatly appreciated.

Chuck Edson (SYMANTEC EMPLOYEE, ACCREDITED, CERTIFIED)

Muydess is correct.  

If the SCSP Server Service will not stay running, then check the Windows Event Logs for a Java -1 error.  If you find that, then let us know, there are several things that can cause the java -1 situation (database connection/password incorrect, out of transaction log space, database/instance not running, corruption of server.xml file or catalina properties).

Note that it can take up to 30 seconds for the service to timeout and show that it is stopped -- so start the service, wait a little, then refresh the services.msc window.

AIX system with high CPU used after reboot(SCSP)

I need a solution

Dear All:

I have an AIX7 server with SCSP Agent 5.2.9MP6 installed for a few months.

The only policy is File Watch for 6 documents; the report frequency is less than 30 per hour.

Didn't make any changes before or after the reboot.

It worked well in past days, but after it rebooted two days ago, the CPU used by the kernel always goes to 90% and up.

When I stop the sisidsagent service it returns to normal.

There are 20 servers; only one server has this situation.

Does anyone have experience like this or know how to fix it, please tell me.

Thank You!

180px_1.png

(red is the CPU that Kernel used)


Critical system protection seems to reject syslogs traffic for certain ports after a period of time even though respective ports and IP addresses has been opened on global policies

I need a solution

Hi Guys,

I seem to be having some problems recently with the SCSP agent installed on a RHEL 6.4 machine. It is meant to be used as an ArcSight smart connector service and therefore syslog is sent via different ports to the agent machine. However, we noticed that syslog traffic for some ports is rejected after some time but no blocked logs are found in the manager's log viewer. Syslog traffic resumes after the SCSP unix core policy is disabled and the syslog service is restarted on the agent server.

Wonder if there's anyone who has faced similar problems before?

Detect and send alert for the untrust IP address connect via RDP and SSH to the HIDS agent

I need a solution

Hi Team,

Where can I configure the HIDS agent policy with a list of trusted source IPs that connect to the agent via RDP or SSH, so that if an untrusted IP attempts to connect, it is logged and reported?

Error launching Symantec Critical System Protection

I need a solution

I have done a new installation of Symantec Critical System Protection 5.2.9 on Windows Server 2008 R2. Its database is on a separate server running an MS SQL Server 2008 instance that is also on Windows Server 2008 R2.

The installation went smoothly without any error. I installed the server first and then the console.

However, when I try to log in to the console with username "sysadmin" and a blank password, I am getting the error shown in the attached screenshot.

Can anyone kindly help as to what might be the reason for this? Thanks.


Certificate Error while trying to login to Symantec Critical System Protection

I need a solution

I have done a new installation of Symantec Critical System Protection 5.2.9 on Windows Server 2008 R2. Its database is on a separate server running an MS SQL Server 2008 instance that is also on Windows Server 2008 R2.

The installation went smoothly without any error. I installed the server first and then the console.

While trying to log in to the console I am constantly getting the error below:

"SCSP has encountered an error trying to establish a connection with the management server. Please check to make sure that the certificate and certificate password are correct and try again. If this problem continues please check with your System Administrator"

Here are the things I have tried so far without any luck.

1) All the certificate error troubleshooting/verification steps defined in

"https://support.symantec.com/en_US/article.TECH114668.html"

Certificate error causes:

a. SCSP server service stopped
b. Server.xml file missing or in the wrong location (default is c:\program files\symantec\symantec critical system protection\server\tomcat\conf).
c. The server-cert.ssl path is incorrect in the server.xml file (default is c:\program files\symantec\symantec critical system protection\server).
d. SCSP database instance is stopped
e. Unable to connect to the database

2) Successfully connected to the SCSP Database instance from the SCSP Server with MS SQL Server Management Studio.

3) Disabled the firewall on both the SCSP server and the server hosting the SCSP Database instance.

4) Installed the Management console on a different machine and tried to log in from it.

I have attached the screenshot of error as well. Can anyone kindly help me on this?

Thanks.


EMBEDDED SECURITY CRITICAL SYSTEM PROTECTION

I need a solution

Hi,

We have bought the product SYMC EMBEDDED SECURITY CRITICAL SYSTEM PROTECTION FOR DEVICES 6.5 WINLX PER NODE BNDL STD LIC.

However their system is actually running on NT platform.

Since this product is not supporting Windows NT platform, can they downgrade it to SYMC CRITICAL SYSTEM PROTECTION CLIENT EDITION 5.2 NODE BNDL STD LIC?


How to lock down MAC address

I need a solution

Hi,

I'm new to Critical System Protection. I'd like to know how I can use it to lock the MAC address of my default gateway to prevent a Man-In-The-Middle attack.

Thanks!


Registry Keys

I need a solution

Hi,

I'm new to SCSP. I would like to know how I can use this software to prevent modification of specific registry keys.

Thanks!


Certificate - Signature and Updaters

I need a solution

Hi guys,

I'm new in the forum ^^. I'm testing CSP because my company has to choose between this product and another.

So my question is simple:

I have created a certificate and I can use it to sign my applications (.exe, .dll, etc.). What I want is that every application signed with this certificate can be trusted by the solution as an updater, regardless of its name or its location on the computer.

Is it possible? And if the reply is yes, how?

So I hope you guys will be able to help me with this problem that is blocking me.

Best regards!


SMTP Server

I need a solution

Hi,

What is the SMTP server for SCSP?

Thanks!


WinEmbedded XP

I need a solution

The scenario here will be:

Client A (runs Submit.exe) and it will need to FTP to HOST B.

Would like to check how we allow passive FTP which is activated by an application (example: submit.exe).

It has ports ranging from NNNN to NNNNN. I can't keep on adding ports to the policies as it will grow.

I've even whitelisted SUBMIT.EXE together with over 200 remote ports already.

Appreciate it if someone could shed some light here.

Cheers,

ALEX


SCSP database population failed

I need a solution

Hello all,

I have been trying to configure scsp 5.2.9 under W2012R2, with an external SQL server 2012. I keep getting the error message: "Database population Failed".

I have gone through all the tips suggested in the following posts:

https://www-secure.symantec.com/connect/articles/scsp-error-database-population-failed-and-mdac

https://www-secure.symantec.com/connect/articles/scsp-error-database-population-failed

And I am still getting the error.

In the log, sde-dbstatus, I can see the following message: "ERROR DBINS0500 Database SCSPDB already exists - You need to uninstall the DB and try again"

Please, could anyone help me with the troubleshooting?

Regards,

Juan


Change default sql ports for scsp 5.2.9

I need a solution

Hello,

Can anyone confirm if I can change the default SQL ports for an installation of scsp 5.2.9? If so, where can I do it?

Kind regards,

Juan
