What happens when the Critical System Protection services are stopped? Am I still protected?
When the services are stopped, communication will cease but the agent will still be protected, and changes to files will still be monitored.
The Intrusion Prevention Driver is a Kernel-mode driver, which is independent of services, so shutting down the SCSP services will not stop the IPS driver from functioning. The IPS driver will continue to operate with the previously assigned policy, and will log all events locally.
However, when the services are stopped, then communication between the Agent and the Manager cease, so the agent cannot send events to the Manager and cannot receive new policies. When the services are started again, then all the events that were logged while the services were stopped are sent to the manager.
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.