The Internet Protocol (IP) Address of a Critical System Protection (CSP) Client Cannot be Modified after applying the Intrusion Prevention System (IPS) Policy "sym_win_protection_strict_sbp".
search cancel

The Internet Protocol (IP) Address of a Critical System Protection (CSP) Client Cannot be Modified after applying the Intrusion Prevention System (IPS) Policy "sym_win_protection_strict_sbp".

book

Article ID: 154949

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

The Transmission Control Protocol/Internet Protocol (TCP/IP) properties of the Network Interface Card (NIC) changes from "Use the following IP address" to "Obtain an IP address automatically".  The IP address, then, cannot be modified even by a Windows administrator.

N/A

Cause

The sym_win_protection_strict_sbp IPS policy resets NIC Dynamic Host Configuration Protocol (DHCP) settings and prevents modification because access to the registry has been locked down.

Resolution

Add IPS rule to permit process: C:\WINDOWS\explorer.exe to access registry items: \CurrentControlSet\Services and \ControlSet001\Services to solve this issue.

The following four rules should be added under Interactive Program Options--> Default Interactive Program Options-->Resources Lists --> Writable Resources Lists --> Allow modification to these registry keys--> Lists of Registry keys that can be modified:

Resource Path                                                        Program Path            

\REGISTRY\MACHINE\System\CurrentControlSet\Services\*                C:\Windows\Explorer.exe

\REGISTRY\MACHINE\System\ControlSet001\Services\                     C:\Windows\Explorer.exe

\REGISTRY\MACHINE\System\ControlSet001\Services\*                    C:\Windows\Explorer.exe

 \REGISTRY\MACHINE\System\CurrentControlSet\Services\                 C:\Windows\Explorer.exe

 

 

 

Applies To

 

n/a

Powered by Wolken Software