ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Override Prevention Using the sisipsoverride Tool on DCS Linux Agents

book

Article ID: 169591

calendar_today

Updated On:

Products

Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

This article will outline the process to override prevention using the sisipsoverride tool on Data Center Security (DCS) Linux Agents

Resolution

Prerequisite: A user or group MUST be specified in the Policy Override section of the IPS policy being implemented on the agent

1. Login as a valid user to override the IPS policy (specified in the Policy Override section of the IPS policy)

2. Navigate to /opt/Symantec/sdcssagent/IPS

3. Run ./sisipsoverride.sh

4. Input the user's password for verification

5. Specify the amount of time to override prevention

6. Enter a comment for the override (optional)

To re-enable prevention or extend the time for override, you may do the following:

1. Run ./sisipsoverride.sh

2. Choose option 1 to enable prevention, or option 2 to extend the override time