search cancel

How to enable Self Protect on SCSP and SDCSS

book

Article ID: 162556

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Advanced

Issue/Introduction

Customer wants to only have self protect active on an IPS policy and everything else disabled.  This way the agent cannot be removed or disabled while only using IDS.

 

Resolution

The policy type that needs to be used is the targeted prevention for either Windows or Unix, sym_win_targeted_prevention_sbp and sym_unix_targeted_prevention_sbp.

 

Edit the policy you want to use to only have Self Protection active.  

Click on Sandboxes

 

Then Click Edit on Default PSET Options [Default_ps]

 

 

 

Make sure the box is checked to Enable SDCSS Self Protection

 

 

You can uncheck all the boxes under File Rules and Process Access controls to disable any IPS block rules.

 

 

Click on the Home tab on the upper left.

 

On the main screen for the policy click Global Policy Options and check for any rules that are active and set to block, make sure you uncheck them to disable them.

 

 

Once you checked the Global Policy Options go back to the main page to edit the policy and click on File Rules

 

 

Make sure none of the rules that are set to block access are unchecked.

 

 

Now you can save the policy and apply it, this will work on both Windows targeted prevention policies and Unix targeted prevention policies. 

 

Please make sure to test the policy before applying it to production, to verify that the policy is working as intended.

 

 

 

 

 

 

 

Attachments