You have an IPS policy applied to an agent and are getting events for int_rootpriv_ps. You want to tune those events, but int_rootpriv_ps is not listed in the policy. How, then, do you tune int_rootpriv_ps?
It turns out that int_rootpriv_ps and rootpriv_ps are the same sandbox.
Please note: rootpriv_ps is what you use to tune things that come into int_rootpriv_ps, but so many things go in there that it is better (in most cases) to create a custom sandbox and lock down rootpriv_ps to have no access to anything.