Enabling agent Self Protect on SCSP and SDCSS

Article ID: 162556


Products

Critical System Protection, Data Center Security Server Advanced, Data Center Security Server

Issue/Introduction

You want only Self Protection active in a DCS or CSP IPS policy, with everything else disabled, so that the agent cannot be removed or disabled while you use only IDS.

 

Resolution

Use the targeted prevention policy below for Windows or Unix agents: 

sym_win_targeted_prevention_sbp

or

sym_unix_targeted_prevention_sbp

 

In the Java console, edit the policy you want to use so that only Self Protection is active.

Click Sandboxes.

Then click Edit on Default PSET Options [Default_ps].

Make sure the Enable SDCSS Self Protection box is checked.

 

 

You can uncheck all the boxes under File Rules and Process Access controls to disable any IPS block rules.

Click the Home tab on the upper left.

On the main screen for the policy, click Global Policy Options and check for any rules that are active and set to block. Uncheck them to disable them.

Once you have checked the Global Policy Options, go back to the main page to edit the policy and click File Rules.

 

 

Make sure none of the rules that are set to block access are unchecked.

Now you can save the policy and apply it. This works with both the Windows and the Unix targeted prevention policies.

Test the policy before applying it to production to verify that it works as intended.