Using RDP with /console switch restarts Vontu services upon log off

Article Id: 160026

Status: Published

Updated On: 26-08-2011 19:55

Legacy Id: TECH220190

Products:

Data Loss Prevention Network Prevent for Email , Data Loss Prevention Enforce , Data Loss Prevention Network Prevent for Web

Issue/Introduction:

I logged onto the prevent server with a local account as follows:
"C:\Windows\system32\mstsc.exe / console"

When I logged off, the Vontu services restarted. Why would the services
get restarted on a logout condition?

Resolution:

Problem:

Using RDP with the following flag "C:\Windows\system32\mstsc.exe / console" causes the Vontu services to be restarted when you log off.

Workaround:
Go to the advanced setting page and add " -Xrs" to the BoxMonitor.PacketCaptureDirectives setting.

To get to the advanced setting page, from the Enforce UI go to System -> OverView -> select appropriate detection server -> click Advanced tab.

The following settings all need to have the value "-Xrs" appended to them as well:

BoxMonitor.IncidentWriterMemory
BoxMonitor.EndpointServerMemory
BoxMonitor.FileReaderMemory
BoxMonitor.RequestProcessorMemory

Save the changes and restart the server. The packet capture won't restart this time

For further reference see http://support.microsoft.com/kb/278845