Using RDP with /console switch restarts Vontu services upon log off


Article ID: 160026

Products

Data Loss Prevention Network Prevent for Email, Data Loss Prevention Enforce, Data Loss Prevention Network Prevent for Web

Issue/Introduction

I logged onto the Prevent server with a local account as follows:
"C:\Windows\system32\mstsc.exe /console"

When I logged off, the Vontu services restarted. Why would the services get restarted on a logout condition?

Resolution

Problem:

Connecting over RDP with the /console flag ("C:\Windows\system32\mstsc.exe /console") causes the Vontu services to be restarted when you log off.

Workaround:
Go to the advanced settings page and add " -Xrs" to the BoxMonitor.PacketCaptureDirectives setting.

To get to the advanced settings page, from the Enforce UI go to System -> Overview -> select the appropriate detection server -> click the Advanced tab.

The following settings all need to have the value "-Xrs" appended to them as well:

BoxMonitor.IncidentWriterMemory
BoxMonitor.EndpointServerMemory
BoxMonitor.FileReaderMemory
BoxMonitor.RequestProcessorMemory

Save the changes and restart the server. After this change, packet capture no longer restarts when you log off.

For further reference see http://support.microsoft.com/kb/278845