CSA protection against Blaster?

Have the CSA developers tested the out-of-the-box CSA configuration for protection against Blaster?

An official statement will be posted at www.cisco.com shortly, but in short (this is unofficial until it is posted, because it may change):

-The default CSA 4.0 Server and Desktop policies stop the successful execution of this attack

-On servers, the default server policy prevents SVCHOST from running CMD.exe. This prevents the exploit shell code from running.

-On desktop systems, the default desktop policy prevents SVCHOST from accepting a connection on port 4444. Additional protection is provided by the default prevention of any application running CMD.exe

Tags: Cisco Security
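
The behaviours named in the reply above, written out as a small rule evaluator run over sample host events. This is an added example, not Cisco's code and not CSA's rule format; the event fields, rule names and sample events are constructed for illustration, and an event that matches no rule is allowed.

```python
"""Behaviour rules modelled on the default-policy behaviours described above.

The Event fields, rule table and sample events are assumptions made for this
illustration; they are not CSA's own rule format or API.
"""
from dataclasses import dataclass
from ntpath import basename  # parses Windows paths correctly on any host OS
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    host_role: str       # "server" or "desktop": which default policy applies
    kind: str            # "process_create" or "net_accept"
    image: str           # path of the process performing the action
    child: str = ""      # process_create: path of the program being started
    local_port: int = 0  # net_accept: local TCP port receiving the connection


def exe(path: str) -> str:
    """Reduce a Windows path to a lower-case file name so that case and
    directory differences do not let an event slip past a deny rule."""
    return basename(path).lower()


def server_svchost_runs_cmd(e: Event) -> bool:
    return (e.host_role == "server" and e.kind == "process_create"
            and exe(e.image) == "svchost.exe" and exe(e.child) == "cmd.exe")


def desktop_svchost_accepts_4444(e: Event) -> bool:
    return (e.host_role == "desktop" and e.kind == "net_accept"
            and exe(e.image) == "svchost.exe" and e.local_port == 4444)


def desktop_any_app_runs_cmd(e: Event) -> bool:
    return (e.host_role == "desktop" and e.kind == "process_create"
            and exe(e.child) == "cmd.exe")


R_SERVER_CMD = "server: svchost.exe may not run cmd.exe"
R_DESKTOP_4444 = "desktop: svchost.exe may not accept connections on TCP 4444"
R_DESKTOP_CMD = "desktop: no application may run cmd.exe"

RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    (R_SERVER_CMD, server_svchost_runs_cmd),
    (R_DESKTOP_4444, desktop_svchost_accepts_4444),
    (R_DESKTOP_CMD, desktop_any_app_runs_cmd),
]


def evaluate(e: Event) -> Tuple[str, Optional[str]]:
    """Return ("deny", rule_name) for the first matching rule, else ("allow", None)."""
    for name, matches in RULES:
        if matches(e):
            return "deny", name
    return "allow", None


def triage(events: List[Event]) -> List[Tuple[str, Optional[str]]]:
    return [evaluate(e) for e in events]


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    Event("server", "process_create",
          r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\system32\CMD.EXE"),
    Event("desktop", "net_accept",
          r"C:\WINDOWS\system32\svchost.exe", local_port=4444),
    Event("desktop", "net_accept",
          r"C:\WINDOWS\system32\svchost.exe", local_port=135),
    Event("desktop", "process_create",
          r"C:\Program Files\Example\app.exe", r"C:\WINDOWS\system32\cmd.exe"),
    Event("server", "process_create",
          r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\system32\wuauclt.exe"),
]


if __name__ == "__main__":
    for event, (action, rule) in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(f"{action:5} {event.host_role:7} {event.kind:14} "
              f"{exe(event.image)} -> {rule or 'no rule matched'}")
```
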

Similar Questions

  • Blastie won't work - how can I change this? When I say to turn off protection on this page, it reloads the page and starts over again

    I reloaded the Blastie link - it works with Chrome, but not Firefox. The security shield appears, then I click on "turn off protection on this page", but then it reloads the page with protection activated...

    Perhaps have a look at this extension and temporarily disable the block if you need it for some pages.

  • Remove w32/blaster.worm from Windows Vista

    Original title: w32/blaster.worm removal

    Can I remove this manually? I could use some help, but the situation is that my computer now cannot even detect a network, so I have no internet connection. This computer is very good and that's why I connected a m.

    But I need to remove w32/blaster.worm
    No matter what?
    Thank you

    Hello

    If necessary, download on another computer and then transfer to your computer on removable
    media such as CD, DVD or USB. You can also try Safe Mode with Networking - press F8
    repeatedly as you start.

    If you need to check for malware, here are my recommendations - they will allow you to
    check thoroughly and remove it without ending up with a load of spyware programs running
    resident, which can cause as many issues as the malware and may be more difficult to detect as the
    cause.

    No one program can be used to detect and remove any and all malware. Added to that, often easy
    to detect malicious software comes with a much harder to detect and remove payload. So
    it's better to be too thorough now than to pay the high price later. Check with these to an
    extreme overkill point and then run the cleanup only when you are sure that the system is clean.

    These can be done repeatedly in Safe Mode - tap F8 as you start - however, you must also run
    them in regular Windows when you can.

    TDSSKiller.exe - Download to the Desktop - then right-click on it - RUN AS ADMIN.
    It will display any infections in the report after it runs - if it will not run, change the name from
    TDSSKiller.exe to tdsskiller.com. Whether it finds something or not does not mean that you should not
    check with the other methods below.
    http://support.Kaspersky.com/viruses/solutions?QID=208280684

    Download Malwarebytes and scan with it, run MRT and add Prevx to be sure that it is gone.
    (If rootkits, run UnHackMe)

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Malwarebytes - free
    http://www.Malwarebytes.org/

    Run the malware removal tool from Microsoft

    Start - type in the Search box -> MRT - find it at top - right-click on it - RUN AS ADMIN.

    You should get this tool and its updates via Windows Update - if necessary, you can
    download it here.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious removal tool - 32 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious removal tool - 64 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    Also install Prevx to be sure that it is all gone.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Prevx - Home - free - small, fast, exceptional CLOUD protection, works with other
    security programs. It is a scanner only, VERY EFFICIENT; if it finds something, come back
    here or use Google to see how to remove it.
    http://www.prevx.com/
    http://info.prevx.com/downloadcsi.asp

    PCMag Editor's Choice - Prevx
    http://www.PCMag.com/Article2/0, 2817,2346862,00.asp

    Try the demo version of Hitman Pro:

    Hitman Pro is a second-opinion scanner, designed to rescue your computer from malicious software
    (viruses, Trojans, rootkits, etc.) that has infected your computer despite the security
    measures you have taken (such as antivirus, firewall, etc.).
    http://www.SurfRight.nl/en/hitmanpro

    --------------------------------------------------------

    If necessary here are some free online scanners to help the

    http://www.eset.com/onlinescan/

    -----------------------------------

    Original version is now replaced by the Microsoft Safety Scanner
    http://OneCare.live.com/site/en-us/default.htm

    Microsoft safety scanner
    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    ----------------------------------

    http://www.Kaspersky.com/virusscanner

    Other tests free online
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------------------

    Also follow these steps for general corruption cleanup and to repair/replace damaged/missing
    system files.

    Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

    Start - type this in the Search box -> COMMAND - find it at top and RIGHT CLICK -
    RUN AS ADMIN

    Enter this at the command prompt - sfc /scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker
    (SFC.exe) program generates in Windows Vista cbs.log
    http://support.Microsoft.com/kb/928228

    Run checkdisk - schedule it to run at the next startup, then Apply / OK your way out, then restart.

    How to run the check disk at startup in Vista
    http://www.Vistax64.com/tutorials/67612-check-disk-Chkdsk.html

    -----------------------------------------------------------------------

    If any rootkits are found, use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    I hope this helps.

  • How can I remove my laptop lsas.blaster.keyloger?

    My computer has been infected by lsas.blaster.keyloger.  Pop-up windows telling me that there are 45 safety issues need to be resolved.  Then it asks me if I want to fix or ignore them.  If I click on "ignore" that they disappear.  If I click on "solve" I'll have to give them my credit card and buy their software.  According to the articles I read on the net, this is a hoax.

    I've also read articles that tell me what to do to eliminate the problem, but nothing works because only the malware doesn't let me go further.  It doesn't let me open any programs or open all the files.

    Can anyone suggest something?

    Hello

    What program is it trying to make you buy? With luck it's one of these; otherwise please
    let us know. See the "How to remove" link below for the versions I think it is.

    Try Safe Mode with Networking - press F8 repeatedly as you start.

    The next two methods allow the scanners to run and/or get AV.exe out of the way or removed.

    1.
    CTRL SHIFT ESC - Task Manager OR right-click on the taskbar - Task Manager

    Processes tab - End Process on AV.EXE and continue with the uninstall guide.

    If necessary use start - computer or Windows Explorer to navigate to

    C:\Program Malwarebytes Anti - Malware\mbam.exe or where it is installed - if
    necessary right click on the shortcut of Malwarebytes - Properties - tab - target line to see where it
    is installed.

    Right-click on it and rename it to ZZMbam.COM (or something different than now), then
    double-click it to run it like that. You can rename it back later. Do the same with
    other programs as needed. Use this method on others as needed - do NOT assume any
    one program removes everything or that there is no other malicious software.

    ---------------------------------------------------

    2.
    Another method is to use these:

    Use Process Explorer to "Suspend" the process that will not stop

    Then use AutoRuns to delete the malicious program's startup items.

    Now use UnLocker to delete the malware's files.

    You may need to do one file at a time.

    Process Explorer - free
    http://TechNet.Microsoft.com/en-us/Sysinternals/bb896653.aspx

    AutoRuns - free
    http://TechNet.Microsoft.com/en-us/sysinternals/bb963902.aspx

    UnLocker - free (do not install the eBay adware)
    http://www.Softpedia.com/get/system/system-miscellaneous/unlocker.shtml

    AV.exe

    ==============================================

    The AV.exe malware goes by many names:

    XP Internet Security 2010, Antivirus 2010 Vista and Win 7 Antispyware 2010 are rogue
    antivirus programs, scams to force you to pay for them while they provide no benefit at all.

    How to remove Vista Antivirus 2010 as well as the other AV.exe varieties.
    http://www.bleepingcomputer.com/virus-removal/remove-antivirus-Vista-2010

    RENAME these as necessary to allow them to run: (use a different name with the extension .COM instead of .exe)

    These can be done repeatedly in Safe Mode - tap F8 as you start - however, you should also
    run them in regular Windows when you can.

    Download Malwarebytes and scan with it, run MRT and add Prevx to be sure that it is gone.
    (If rootkits, run UnHackMe)

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Malwarebytes - free
    http://www.Malwarebytes.org/

    Run the malware removal tool from Microsoft

    Start - type in the Search box -> MRT - find it at top - right-click on it - RUN AS ADMIN.

    You should get this tool and its updates via Windows Update - if necessary, you can
    download it here.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious removal tool - 32 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious removal tool - 64 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    Also install Prevx to be sure that it is all gone.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Prevx - Home - free - small, fast, exceptional CLOUD protection, works with other security
    programs. It is a scanner only, VERY EFFICIENT; if it finds something, come back here or
    use Google to see how to remove it.
    http://www.prevx.com/
    http://info.prevx.com/downloadcsi.asp

    PCMag Editor's Choice - Prevx
    http://www.PCMag.com/Article2/0, 2817,2346862,00.asp

    Try the demo version of Hitman Pro:

    Hitman Pro is a second-opinion scanner, designed to rescue your computer from malicious software
    (viruses, Trojans, rootkits, etc.) that has infected your computer despite the security
    measures you have taken (such as antivirus, firewall, etc.).
    http://www.SurfRight.nl/en/hitmanpro

    --------------------------------------------------------

    If necessary here are some free online scanners to help the

    http://www.eset.com/onlinescan/

    http://OneCare.live.com/site/en-us/default.htm

    http://www.Kaspersky.com/virusscanner

    Other tests free online
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------------------

    Also follow these steps for general corruption cleanup and to repair/replace damaged/missing system
    files.

    Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

    Start - type this in the Search box -> COMMAND - find it at top and RIGHT CLICK -
    RUN AS ADMIN

    Enter this at the command prompt - sfc /scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker
    (SFC.exe) program generates in Windows Vista cbs.log
    http://support.Microsoft.com/kb/928228

    Run checkdisk - schedule it to run at the next startup, then Apply / OK your way out, then
    restart.

    How to run the check disk at startup in Vista
    http://www.Vistax64.com/tutorials/67612-check-disk-Chkdsk.html

    -----------------------------------------------------------------------

    If any rootkits are found, use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    I hope this helps.

    Rob Brown - MS MVP - Windows Desktop Experience: Bike - Mark Twain said it right.

  • W32/blaster worm virus

    My daughter has downloaded a virus at the music, the pop-up says worm w32/blaster. Now, I can't get into any of my files or programs? I was told that I needed a recovery disc? Where to find and from the manufacturer or windows vista? What do you say?

    Hello

    If you need to check for malware, here are my recommendations - they will allow you to
    check thoroughly and remove it without ending up with a load of spyware programs running
    resident, which can cause as many issues as the malware and may be harder to detect as
    the cause.

    No one program can be used to detect and remove any and all malware. Added to that, often easy
    to detect malicious software comes with a much harder to detect and remove payload. So
    it's better to be too thorough now than to pay the high price later. Check with these to an
    extreme overkill point and then run the cleanup only when you are sure that the system is clean.

    These can be done repeatedly in Safe Mode - tap F8 as you start - however, you must also run
    them in regular Windows when you can.

    TDSSKiller.exe - Download to the Desktop - then right-click on it - RUN AS ADMIN.
    It will display any infections in the report after it runs - if it will not run, change the name from
    TDSSKiller.exe to tdsskiller.com. Whether it finds something or not does not mean that you should not
    check with the other methods below.
    http://support.Kaspersky.com/viruses/solutions?QID=208280684

    Download Malwarebytes and scan with it, run MRT and add Prevx to be sure that it is gone.
    (If rootkits, run UnHackMe)

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Malwarebytes - free
    http://www.Malwarebytes.org/products/malwarebytes_free

    SuperAntiSpyware Portable Scanner - free
    http://www.SUPERAntiSpyware.com/portablescanner.HTML?tag=SAS_HOMEPAGE

    Run the malware removal tool from Microsoft

    Start - type in the Search box -> MRT - find it at top - right-click on it - RUN AS ADMIN.

    You should get this tool and its updates via Windows Update - if necessary, you can
    download it here.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious removal tool - 32 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious removal tool - 64 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    Also install Prevx to be sure that it is all gone.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Prevx - Home - free - small, fast, exceptional CLOUD protection, works with other
    security programs. It is a scanner only, VERY EFFICIENT; if it finds something, come back
    here or use Google to see how to remove it.
    http://www.prevx.com/
    http://info.prevx.com/downloadcsi.asp

    PCMag Editor's Choice - Prevx
    http://www.PCMag.com/Article2/0, 2817,2346862,00.asp

    Try the demo version of Hitman Pro:

    Hitman Pro is a second-opinion scanner, designed to rescue your computer from malicious software
    (viruses, Trojans, rootkits, etc.) that has infected your computer despite the security
    measures you have taken (such as antivirus, firewall, etc.).
    http://www.SurfRight.nl/en/hitmanpro

    --------------------------------------------------------

    If necessary here are some free online scanners to help the

    http://www.eset.com/onlinescan/

    -----------------------------------

    Original version is now replaced by the Microsoft Safety Scanner
    http://OneCare.live.com/site/en-us/default.htm

    Microsoft safety scanner
    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    ----------------------------------

    http://www.Kaspersky.com/virusscanner

    Other tests free online
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------------------

    After the removal of malicious programs:

    Also follow these steps for general corruption cleanup and to repair/replace damaged/missing
    system files.

    Start - type this in the Search box -> COMMAND - find it at top and RIGHT CLICK -
    RUN AS ADMIN

    Enter this at the command prompt - sfc /scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker
    (SFC.exe) program generates in Windows Vista cbs.log
    http://support.Microsoft.com/kb/928228

    Run checkdisk - schedule it to run at the next startup, then Apply / OK your way out, then restart.

    How to run the check disk at startup in Vista
    http://www.Vistax64.com/tutorials/67612-check-disk-Chkdsk.html

    -----------------------------------------------------------------------

    If any rootkits are found, use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    ======================================

    If necessary, AFTER you are sure that the machine is clean of any malware (DO NOT USE IF
    MALWARE IS STILL PRESENT):

    You can try a repair install or an in-place upgrade.

    You can use another DVD that isn't copy protected, but you need to own the
    Product Key. It must be the same version, 32 or 64 BIT, Vista OEM. Also the system
    maker will usually sell the disk cheaply since you already own Windows. Don't forget to make a
    good backup or 3 (safety in redundancy).

    In-place upgrade
    http://vistasupport.MVPs.org/repair_a_vista_installation_using_the_upgrade_option_of_the_vista_dvd.htm

    This tells you how to access the System Recovery Options and/or a Vista DVD
    http://Windows.Microsoft.com/en-us/Windows-Vista/what-happened-to-the-recovery-console

    How to perform a repair for Vista Installation
    http://www.Vistax64.com/tutorials/88236-repair-install-Vista.html

    =======================================

    For extreme cases:

    Norton Power Eraser - eliminates deeply embedded and difficult to remove crimeware
    that traditional antivirus scanning does not always detect. Because the Norton Power Eraser
    uses aggressive methods to detect these threats, there is a risk that it can select some
    legitimate programs for removal. You should use this tool very carefully and only after
    you have exhausted other options.
    http://us.Norton.com/support/DIY/index.jsp

    ================================

    If you are in North America, you can call 866-727-2338 to get help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for more details. For international information, check your local subsidiary Support site.

    I hope this helps.

    Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it

  • The "Malware Protection" part of the Security Center Windows has stopped working.

    When I start my computer, I get an alert from my Windows Security Center that Windows Defender is disabled (it isn't) and that my anti-virus is turned off (it is not). All other sections of the Security Center are running OK. This problem started about 25 April 2010. I have Vista 32 bit Home Premium, I have Spyware Blaster, Windows Defender, and Ad-Aware, and I was using Panda Cloud antivirus. When the problem started, I uninstalled Panda and installed AVG free. I also installed Malwarebytes' Anti-Malware. I have run it in normal mode and in safe mode and not found anything. I also ran Windows Defender. The only modification made before the problem surfaced was that I updated Spyware Blaster to their new version. Does anyone have a suggestion?

    Hello Poppyw,

    Thank you for visiting the Microsoft answers Site.

    As Windows Defender features real-time protection against spyware, the problem may be due to an installation of another product that also offers anti-spyware protection.

    To resolve this problem, you can perform a clean boot to determine if a background program may interfere.

    To do this, please see the link below:

    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

    You can also view the link below, provided by the software vendor with information about the installation of AVG:

    http://www.Avg.com/us-en/KB.Num-2672#NUM-2672

    In addition, you can check the thread below with a similar problem:

    http://social.answers.Microsoft.com/forums/en-us/vistahardware/thread/9a4219a5-A815-4602-8af9-af5ddc83131c

    Thank you

    Mary
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Computer infected with the Blaster worm

    original title: Blaster worm

    My PC (Vista OS) is infected with the Blaster worm and it won't work no matter what removal tools when I download them.  When I try and run an alert appears and tells me that the tool is infected with the Blaster worm and cannot run it and then told me to buy security tools.  Any help would be appreciated.

    Hello

    It looks like you have one of these fake antivirus programs - does it have a name or point you to
    some web sites? If so we can probably provide directed removal help.

    Where is security tool or other malicious software similar.

    No one program can be used to detect and remove any and all malware. Added to that, often easy to
    detect malware is accompanied by a much more difficult to detect and remove payload. So it's
    better to be too thorough now than to pay the price much later. Check with these to an extreme
    overkill point and then run the cleanup only when you are sure that the system is clean.

    Security Tool (and SecurityTool) is a fake antivirus, a scam to force you to pay for it while it
    provides no benefit at all.

    Remove SecurityTool and Security Tool (Uninstall Guide) <-- read
    http://www.bleepingcomputer.com/virus-removal/remove-security-tool

    These can be done repeatedly in Safe Mode - tap F8 as you start - however, you must also run
    them in regular Windows when you can.

    Download Malwarebytes and scan with it, run MRT and add Prevx to be sure that it is gone.
    (If rootkits, run UnHackMe)

    Malwarebytes - free
    http://www.Malwarebytes.org/

    Run the malware removal tool from Microsoft

    Start - type in the Search box -> MRT - find it at top - right-click on it - RUN AS ADMIN.

    You should get this tool and its updates via Windows Update - if necessary, you can download
    it here.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious removal tool - 32 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious removal tool - 64 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    -----------------------------

    Also install Prevx to be sure that it is all gone.

    Prevx - Home - free - small, fast, exceptional CLOUD protection, works with other security programs.
    It is a scanner only, VERY EFFICIENT; if it finds something, come back here or use Google to see
    how to remove it.
    http://www.prevx.com/

    PCMag Editor's Choice - Prevx
    http://www.PCMag.com/Article2/0, 2817,2346862,00.asp

    Try the demo version of Hitman Pro:

    Hitman Pro is a second-opinion scanner, designed to rescue your computer from malicious software (viruses,
    Trojan horses, rootkits, etc.) that has infected your computer despite all the security measures you
    took (such as antivirus, firewall, etc.).
    http://www.SurfRight.nl/en/hitmanpro
    --------------------------------------------

    Here are some free scanners online help if needed:

    http://www.eset.com/onlinescan/

    New Vista and Windows 7 version
    http://OneCare.live.com/site/en-us/Center/whatsnew.htm

    Original version
    http://OneCare.live.com/site/en-us/default.htm

    http://www.Kaspersky.com/virusscanner

    Other tests free online
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------

    Also do these for general corruption cleanup.

    Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

    Start - type this in the Search box -> COMMAND - find it at top and RIGHT CLICK -
    RUN AS ADMIN

    Enter this at the command prompt - sfc /scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe)
    program generates in Windows Vista cbs.log
    http://support.Microsoft.com/kb/928228

    Run checkdisk - schedule it to run at the next startup, then Apply / OK your way out, then restart.

    How to run the check disk at startup in Vista
    http://www.Vistax64.com/tutorials/67612-check-disk-Chkdsk.html

    -----------------------------------------------------------------------

    If any rootkits are found, use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    I hope this helps.

    Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it

  • CSA 5.1 (Classification of the untrusted content Module)

    Hi Experts,

    I'm running CSA in my pilot and it's kind of stable now and working fine. I need to know one thing: I hv disabled the 'Untrusted Content Classification Module' under the Application Classification policy, which is part of the All Windows group. I hv disabled this module because there are more than 1000 applications running in my organization and more new applications will be added that cannot be tested in my test setup.

    I want to know the level of security that I hv compromised by disabling this module on my CSA.

    No, it just monitors apps and classifies them according to the rules. A bit like protection of the core rules. It can also be useful in Application investigation.

    You should test with real workstations outside your lab if possible, but you don't need this rule to do so.

  • Starting point of the CSA

    We are deploying CSA ver5.0 in our company. I read 2 Cisco Press books but wanted to get an idea of what real companies use as their groups. We have All Windows, All Types of Desktops, Remote or Mobile Desktops, and CTA. Does anyone think this is overkill or under-protection for a starting point?

    The only problem we have encountered so far is that the IBM laptop touchpad driver is detected as an untrusted rootkit. If anyone has run into this, I'd like to hear about your solution. TAC is still working with us on this to create an exception that works.

    Thank you

    Dvergau,

    I think it is maybe overkill for a pilot group, which is where I hope you intend to start. You want to import a little (you decide what is a little), then slowly tune and add. What I mean is that you need to tune the rules that block operation, then add a few more policies, and so on.

    Many people have several ways of doing things. Some suggest simply using the wizard for everything; many will tell you to clone all groups and modify those that don't. Cloning is a pretty smart way to keep a reference point. Yet once again, I suggest you start small and build up to the reference level.

    Regarding the rootkit, it's tough. The only way to allow rootkits is to use the wizard. The wizard will create the hashes, the application and the exception. I found a similar problem with Symantec, leaving me with the only options of disabling the notification or adding hashes on the fly.

    Hope this helps. If you need any information on policy and rule creation, just ask. I'll help as best I can.

    Kind regards

    Christopher

  • What is the default action of the CSA?

    Hi all

    I'm a newcomer to the CSA. I have a few questions as follows. Could you please clarify it for me?

    1. If none of the rules match the event, what action will it take? Allow or deny?

    2. If the first answer is allow, how can it protect the system from a zero-day attack?

    Thank you very much

    Nitass

    Nitass,

    You are right that if no rules are triggered, CSA does not interfere with the application. But to answer the second half of your original question, CSA protects against zero-day attacks by monitoring behavior rather than signatures. In other words, it doesn't matter what the attack code looks like; what matters is what it does. For example, if you get attacked by a new virus, your anti-virus software will not have a signature to detect it. But if it tries to install a copy on your computer, or tries to install a rootkit, or opens a port for listening, or scans for other vulnerable hosts, CSA detects these actions and blocks them.

  • CSA 5.2.0.238 installed on a Win2k3 Server

    The server that I will deploy the CSA Agent on: should it only be attached to the group "Servers - deployed internally" or should it be attached to other groups as well? This server is not a file or print server, but will maintain the logs if I don't want the necessary protection.

    Thank you

    Adam

    Yes, I clone everything like I did with 4.X.

    It made the upgrades and management much easier IMHO.

    Tom

  • Can CSA produce an inventory of the applications?

    Can CSA produce an inventory of the applications installed on a protected host?

    Yes, if you enable Application Deployment Investigation, you will get an inventory of installed applications (what you see in Add/Remove Programs on the PC).  In addition, CSA also tracks the processes running on the machine, so you will see applications that are not "installed" but just run as transient processes.

    Thank you
    Josh

  • CSA - log file copy

    Hi all!

    I have a question.

    We want to protect business data, and I set the CSA MC to log when someone tries to copy private data to a removable device, USB key...

    and the CSA sends me a mail regarding this event.

    But this isn't sufficient protection. If the user changes the file name (.mp3), I don't know what the file is, whether it's really an 'mp3' or private data.

    What can you suggest?

    Can I save the file somewhere to check later?

    Or create a better rule, to catch anyone who tries to steal data.

    (I don't want to deny the save, just log the theft)

    I hope you understand what I want.

    Thank you, br, Gabor

    Hey Gabor,

    You can use these data classes, and I recommend it as a good starting point. The idea is that you must set the data (i.e. from your sensitive application) and preset policies will monitor and control the data. In addition, you will be able to report on the data labels and see how data are used in your environment.

    Hope that helps!

    Josh
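The renamed-file problem raised in this thread, as an added example that is not part of the original posts and is not a CSA rule: a check that compares a file's extension with the type its first bytes indicate, so a document renamed to `.mp3` still stands out in a log review. The signature table, function names and sample bytes are constructed for the illustration.

```python
import os

# Leading bytes of a few common formats (small constructed table, not exhaustive).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip/ooxml"),                    # .zip, .docx, .xlsx
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy .doc/.xls
    (b"ID3", "mp3"),                                 # MP3 with an ID3v2 tag
]

# Content types each extension is expected to carry.
EXPECTED = {".mp3": {"mp3"}, ".pdf": {"pdf"},
            ".docx": {"zip/ooxml"}, ".doc": {"ole2"}}

def sniff(head: bytes) -> str:
    """Classify a file from its first bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    # Untagged MP3: frame sync (11 set bits) with the layer field set to Layer III.
    # Requiring Layer III keeps a UTF-16 byte-order mark (FF FE) from matching.
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE6) == 0xE2:
        return "mp3"
    return "unknown"

def mismatch(filename: str, head: bytes):
    """Return a finding string if the content contradicts the extension, else None."""
    ext = os.path.splitext(filename)[1].lower()
    allowed = EXPECTED.get(ext)
    if allowed is None:
        return None                       # extension not covered by the table
    kind = sniff(head)
    if kind in allowed:
        return None
    return f"{filename}: extension {ext} but content looks like {kind}"

# Constructed samples: (name written to the removable device, first bytes of the file).
SAMPLES = [
    ("song.mp3", b"ID3\x03\x00\x00\x00"),
    ("track.MP3", b"\xff\xfb\x90\x00"),
    ("holiday.mp3", b"PK\x03\x04\x14\x00"),   # an Office document renamed to .mp3
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", mismatch(name, head) or "consistent")
```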

  • CSA Client uninstall and disable.

    Is it possible to set a password so that users cannot disable, change, or uninstall the client on the local desktop?

    Thank you

    Dan

    Go to the policy page, find the 'Base - CSA Service and control of the client user interface' you will see the module 'Base - CSA UI control customer' rule and then you will see the "basic - service control of CSA."

    The service control is more for the protection of the service from other applications that are trying to kill/stop/change the CSA agent service, not so much for the protection of the user.

    Located in the module 'Base - CSA UI control customer' rule itself, you will see the "Agent UI control rule", examine it and you will see the following text:

    Control interface user agent rule [2112]

    Interaction of the UI control agent

    Allow the user to reset the settings to default user interface agent

    Allow a user interaction

    Allow access to the configuration of the user agent and contact information

    Allow the user to modify the security settings for agent

    Allow user change agent of personal firewall settings

    Remove the taskbar notifications

    Of course if you check / uncheck these it will allow or not allow respectively.

  • CSA-geolocation?

    I have a PDF file titled 'Cisco Security Agent with Intrusion Protection for Remote Corporate Users' which states that one of the features of CSA is

    "Location-aware protection allows The Cisco Security Agent normal network use, for example, sharing files between computers while in office, but prevents these risky activities when the computer is in a remote location."

    However, I find no reference to this feature elsewhere. Is this possible with CSA currently? If so, how is it configured?

    Interesting. I didn't know something about policy aware of the location such as an external element. As mentioned earlier, location-aware policies are planned for version 4.5. That release is still planned for the end of summer this year (guess some time in the August/September period). I suggest you talk with your local Cisco account team to get a firmer date. There are a number of other new features in version 4.5 that will make this one of the largest CSA releases to date. I hope this helps.

    Scott
