SDCSS_Agent_Diagnostics policy will not modify agent configuration.

book

Article ID: 159203

calendar_today

Updated On:

Products

Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

When using the SDCSS_Agent_Diagnostics policy to modify the agent configuration you will receive an error;

PE_0107: Execute command action blocked (not found in commands.txt):  Command \""C:\Program Files\Symantec\Data Center Security Server\Agent\IPS\tools\sdcss_agent_mgmt.bat" -edit_config -ids LocalAgent.ini -section "Event Management" -name "File Collector Events Limit" -value 10000\"  Policy: SDCSS_Agent_Diagnostics  Rule: Execute_Agent_Management

 

Found that the commands.txt has these rules;

"C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\tools\getagentinfo.bat"

"C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\tools\csp_agent_mgmt.bat"

%SYSTEMROOT%\system32\taskkill.exe

 

As you can see the rule is written incorrectly for the command to be executed (csp instead of sdcss). The agent management bat name has changed from CSP to SDCSS yet the commands text is not reflecting this.

 

After manually changing the csp to sdcss you will see that the command is executed however it does not modify the configuration. Bellow you can see the command execute;

 

PE_0110: Execute command called: \""C:\Program Files\Symantec\Data Center Security Server\Agent\IPS\tools\sdcss_agent_mgmt.bat" -edit_config -ids LocalAgent.ini -section "Event Management" -name "File Collector Events Limit" -value 10000\".

 

Yet the LocalAgent.ini is not changed. This is due to the sdcss_agent_mgmt.bat not having the correct IPSDIR value e.g. IPSDIR="%INSTALL_DIR%\IPS".

Resolution

 

Modify the commands.txt to reflect the correct made of the sdcss_agent_mgmt.bat file (change from csp_agent_mgmt.bat to sdcss_agent_mgmt.bat.

Modify the sdcss_agent_mgmt.bat to reflect the correct installation directory (change set IPSDIR="%INSTALL_DIR%\IPS" to set IPSDIR="C:\Program Files (add x86 for 64bit OS)\Symantec\Data Center Security Server\Agent\IPS") or add the %INSTALL_DIR% to your system variables pointing to the DCS installation directory.


Applies To

SDCSS 6.0x