SCSP: After applying the targeted IPS protection policy, self-protection prevents you from applying a new policy.

Article ID: 157957

Products

Critical System Protection

Issue/Introduction

After applying sym_win_targeted_prevention_sbp and enabling SCSP Self Protection, you are unable to remove or apply other policies. When you try, you get the error "policy translation Failed; Unknown error".

You also get a "Process Modification Denied" event for (csrss.exe) on (C:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\bin\translate.exe).

Resolution

Recovery from this (with prevention enabled) is to boot into safe mode and change the applied policy.


Applies To

This issue is only present on minimum agent version 5.2.9 policies that use the Process Access Control feature set.

This only affects Windows Server 2008/Windows 7 and newer systems. Windows Server 2003 and earlier are not affected.

The minimum agent version 5.2.0 targeted prevention policy does not exhibit this behavior.