When using the SDCSS_Agent_Diagnostics policy to modify the agent configuration you will receive an error;
PE_0107: Execute command action blocked (not found in commands.txt):Command \""C:\Program Files\Symantec\Data Center Security Server\Agent\IPS\tools\sdcss_agent_mgmt.bat" -edit_config -ids LocalAgent.ini -section "Event Management" -name "File Collector Events Limit" -value 10000\"Policy: SDCSS_Agent_DiagnosticsRule: Execute_Agent_Management
Found that the commands.txt has these rules;
"C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\tools\getagentinfo.bat"
"C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\tools\csp_agent_mgmt.bat"
As you can see the rule is written incorrectly for the command to be executed (csp instead of sdcss). The agent management bat name has changed from CSP to SDCSS yet the commands text is not reflecting this.
After manually changing the csp to sdcss you will see that the command is executed however it does not modify the configuration. Bellow you can see the command execute;
Yet the LocalAgent.ini is not changed. This is due to the sdcss_agent_mgmt.bat not having the correct IPSDIR value e.g. IPSDIR="%INSTALL_DIR%\IPS".
Modify the commands.txt to reflect the correct made of the sdcss_agent_mgmt.bat file (change from csp_agent_mgmt.bat to sdcss_agent_mgmt.bat.
Modify the sdcss_agent_mgmt.bat to reflect the correct installation directory (change set IPSDIR="%INSTALL_DIR%\IPS" to set IPSDIR="C:\Program Files (add x86 for 64bit OS)\Symantec\Data Center Security Server\Agent\IPS") or add the %INSTALL_DIR% to your system variables pointing to the DCS installation directory.
Imported Document ID: TECH216881
Subscribing will provide email updates when this Article is updated. Login is required.