search cancel

DCS Your agents are in a odd state of policy pending, prevention enabled, etc and you want to sort them out.

book

Article ID: 163513

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

Your agents are in a odd state of policy pending, prevention enabled, etc and you want to sort them out.

Resolution

-- Below query returns ALL non-affected Agents (i.e. IPS NOT supported or IPS feature Disabled and Prevention policy flag pending, This is by design)

 

SELECT

                Hostname,CaptionName,IPAddress, *

FROM

      ASSET

WHERE

      (AgentState LIKE '%e%') AND (PolicyStatus LIKE '%P%');

 

 

-- Below query return ALL affected Agents (i.e. IPS supported and IPS

feature is enabled but prevention policy flag is pending)

 

SELECT

                Hostname,CaptionName,IPAddress, *

FROM

      ASSET

WHERE

      (AgentState LIKE '%E%') AND (PolicyStatus LIKE '%P%');

 

 

 

Please find below information for your reference :

 

AgentState field in Asset table:

•             ‘e’ – Prevention Feature is not active (i.e., IPS Driver is not

installed)

•             ‘E’ – Prevention Feature is active (i.e., IPS Driver is installed)

•             ‘r’ – Reboot has not been done

•             ‘R’ – Reboot has been done

•             ‘p’ – Prevention disabled (using prevention policy)

•             ‘P’ – Prevention enabled (using prevention policy)

 

PolicyState field in Asset table

•             policyStatus = P           --     "prevention policy pending"

•             policyStatus = D           --     "detection policy pending"

•             policyStatus = E           --     "prevention policy error"

•             policyStatus = e           --     "detection policy error"

•             policyStatus = blank --     "all good"

•             policyStatus = NULL        --     "n/a, must be mgmt server"