was thrown into a project for deploying CSP.
- how much traffic / bandwidth is used between clients and console
- what is the base detection policy that is used. Difference between detection / protection.
Hello, sometimes our CSP agent goes into an unknown state. If you open the "Policy Monitor", you will see that the Current Policy/Policy Prevention/Override State are unknown, and the Policy Override is empty (the attached file Bad.png). The annoying thing is that you can't even use "C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin\sisipsconfig.exe" -r to change the policy to BUILTIN, because we have to reghost our system.
After comparing with a good machine, we found that the file contents of agent.ini and fallback.ini under C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\driver seem to be damaged. So as a workaround we could start up Windows in safe mode and replace agent.ini and fallback.ini. Then, after rebooting the system, CSP works fine, the Current Policy/Policy Prevention/Override State show correct values and "C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin\sisipsconfig.exe" -r can "stop" the policy.
Our customer is not very happy with this workaround, as there are too many steps and we need to enter Windows safe mode. As we don't have a stable way to reproduce this case, I wonder what the root cause is or what operation would cause it, and whether there is a simpler way to recover CSP instead of going into Windows safe mode and replacing some configuration files.
Hi,
Just wanted to know whether Critical System Protection is compatible with Windows OEM, i.e. customized OS, such as the Windows XP & Win 7 platforms.
Any help would be appreciated.
Thanks
Mustafa
Hello
Could anyone advise whether SCSP can prevent API hooking and DLL injection on Windows systems? If so, could you please explain how?
Thank you in advance.
You’re invited to join our DCS Ninja’s event on Friday, April 21st, 2017 11:30am-1:00pm EST!
Register here: http://www.conventus.com/dcs-ninjas/
Topic of Focus: Network Controls and Lists
Invite your DCS teammates and gather up those head scratching questions!
NOTE: Calendar Invitations are only sent to those who have registered
Agenda:
See you on April 21st!
Hi All,
Is it possible to block a USB device through its Device ID in SCSP? Also, using SCSP, how can we protect endpoints from viruses on a legacy OS?
Thanks in advance.
Hi there,
Can someone tell me whether all Wincor Nixdorf ATMs are automatically delivered with Critical System Protection by default to the end user?
Thanks
I installed the SCSP 5.2.9.935 agent on a RHEL6 machine. While the installation seems to go fine, I am not seeing the agent on the SCSP console. I can see permitted logs on the firewall from the agent to the CSP server on port 443. The host name resolution seems fine both ways.
When using the right-click wizard in the event viewer to add an application to the whitelist under "application rules", the policy fails with the error: Driver failed to load new policy: Error adding sigflags
When adding an application using the wizard, the signature flag "signed and trusted" is set for each application path.
The issue seems to be that, for some reason, this flag is set incorrectly, and the policy will fail to load with the error (Driver failed to load new policy: Error adding sigflags).
The solution is to remove the flag, save the policy and then re-set the flag.
Now the policy will load without any issue.
It took me a week to figure out that this was the problem, and I wanted to share the solution. Good luck out there!
Hi All,
I need a solution regarding a CSP issue. After I uninstalled the agent and rebooted the PC, I ran the installation of the CSP agent, and it stops at a pop-up wizard showing me “error an agent uninstallation requires a reboot. Please reboot system before running uninstallation”
I found an article with the exact same error:
https://www.symantec.com/connect/forums/uninstall-...
But I cannot find pendingfilerenameoperation in my registry.
Thanks in advance
Hi,
We send logs to a SIEM, QRadar, but there we don't receive events of (operation: login) into the console. We want to send to the SIEM logs of failed attempts and successful logins into the console.
How could we?
Thanks,
Hi All,
Does anyone have, or can anyone provide, a script to automatically and completely uninstall SCSP v 5.1.2.26 from a Windows 2003 server? The removal tool I found only works for v5.2.x. I did log a call with tech support, but they supplied the same tool, and it doesn't work. It's a pain to do a manual install for 300+- Windows 2003 servers and 300 Win XP for the customer. Looking for an easier way to remove it and load DCS 6.7 mp1.
The CSP agents were installed in 2009 and none of the msi/install files can be located.
Thanks in advance.
Please, I am getting this error while installing SCSP server. Help out.
Hello dears,
I have been struggling with our Symantec Critical Protection V8.0, building some Prevention Policy for Windows machines used by NCR and Wincor.
After reading some of the 1000 pages etc. of the manual I have done some tests, but without luck.
Is there any way to build or find some policy for my purpose?
Already tried with sandbox but I’m having difficulties.
Is anyone using Symantec CSP, or has anyone had previous experience with NCR or Wincor?
Thank You
Is the Simplified Whitelisting policy intended to be deployed to standalone devices or is it only for devices that are managed? I'm asking because in the Java Console, if you want to deploy the policy to a standalone device you choose the option "Export Policy for Deployment".
In the Web Console you only have an Export option:
Hello dear.
We want to clone a Windows image of a PC on which we have installed the Symantec Endpoint Protection agent and the Symantec Critical System Protection agent. The clone will be done using software (e.g. Acronis, etc.) and not just copy and paste. Could you please support me? I have read the following article on your website: https://support.symantec.com/en_US/article.HOWTO54...
Can this method also be applied to the Symantec Critical System Protection client for cloning?
Thank You
Please, what is the use of the Symantec filesystem data which is logged on the management server?
I need a workaround for the Symantec DCS:SA agent for Fedora Linux v. 22