How to override prevention using the sisipsoverride tool on DCS Linux Agents

Article ID: 169591

Products

Data Center Security Monitoring Edition, Data Center Security Server, Data Center Security Server Advanced

Issue/Introduction

How to override prevention using the sisipsoverride tool on Data Center Security (DCS) Linux Agents

Resolution

Prerequisite: A user or group MUST be specified in the Policy Override section of the IPS policy being implemented on the agent.

1. Log in as a user who is allowed to override the IPS policy (one specified in the Policy Override section of the IPS policy).

2. Navigate to /opt/Symantec/sdcssagent/IPS

3. Run ./sisipsoverride.sh

4. Input the user's password for verification

5. Specify the amount of time to override prevention

6. Enter a comment for the override (optional)

To re-enable prevention or extend the time for override, you may do the following:

1. Run ./sisipsoverride.sh

2. Choose option 1 to enable prevention, or option 2 to extend the override time