search cancel

Driver failed to load new policy: Error adding sigflags when applying a policy to a DCS 6.6 agent

book

Article ID: 163184

calendar_today

Updated On:

Products

Data Center Security Server

Issue/Introduction

Driver failed to load new policy: Error adding sigflags when applying a policy to a Data Center Security (DCS) 6.6 agent

This policy also applies successfully to previous version of the DCS/CSP (Critical System Protection) agent.

Driver failed to load new policy: Error adding sigflags

Cause

In DCS 6.6 we have added Signature Validation, so when invalid signatures exist in the policy the policy will fail to apply to a DCS 6.6 agent and will give the error stating Error adding sigflags.

This same policy will apply to previous version of the DCS/CSP agent because there is no Signature validation.

Resolution

You must remove all invalid signature entries from the policy and apply to the agent again.

At the time this article is written, the only valid signature entries when manually editing policies are available from the drop-down.

The signature flags available from the drop-down are:

  • Microsoft OS Component
  • Microsoft Signed
  • Symantec Signed
  • Signed and Trusted
  • Unsigned
  • Invalid Signature
  • Service Process
  • Interactive Process

If the policy has lists that are populated by importing a CSV file(s) which includes signatures, you must use the EFA Choice Name and not the Display Name.

The EFA Choice Name uses a format of "efa_signature_choise_XXXXX".

Here are the EFA Choice Names for the flags available from the drop-down when modifying a policy:

  • efa_signature_choice_oscomponent
  • efa_signature_choice_microsoftsigned
  • efa_signature_choice_symantecsigned
  • efa_signature_choice_wellknowntrustedroot
  • efa_signature_choice_unsigned
  • efa_signature_choice_invalidsignature
  • efa_signature_choice_service_process
  • efa_signature_choice_interactive_process