What happens when the Critical System Protection services are stopped? Am I still protected?
When the services are stopped, communication will cease but the agent will still be protected, and changes to files will still be monitored.
The Intrusion Prevention Driver is a Kernel-mode driver, which is independent of services, so shutting down the SCSP services will not stop the IPS driver from functioning. The IPS driver will continue to operate with the previously assigned policy, and will log all events locally.
However, when the services are stopped, then communication between the Agent and the Manager cease, so the agent cannot send events to the Manager and cannot receive new policies. When the services are started again, then all the events that were logged while the services were stopped are sent to the manager.
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.