Application of SES: CSP 6.5.0 policy on Microsoft Windows 10 systems may cause Network interface issue

book

Article ID: 171222

calendar_today

Updated On:

Products

Embedded Security Critical System Protection

Issue/Introduction

A network interface is the point of interconnection between a system and a private or public network. 
If you apply a Symantec Embedded Security: Critical System Protection (SES: CSP) 6.5.0 Windows prevention on a system running on a Microsoft Windows 10 Operating System version and then restart the system, the network interface of the system might go down.

 

None

Cause

A limitation in the SES: CSP 6.5.0 Windows prevention policy.
SES: CSP 6.5.1 or a later version Windows prevention policy does not have this limitation.

Environment

Microsoft Windows 10 Operating Systems

Resolution

You can resolve this issue by adopting one of the two following approaches:

Approach 1 – Product and policy upgrade

  • If the SES: CSP management server and agent are on a version later than 6.5.0, and you have applied old SES: CSP 6.5.0 Windows prevention policy on the agent, the issue might occur. Apply Windows prevention policies of the same version as the management server and agent.
  • If the SES: CSP management server, agent, and applied Windows prevention policy is of version 6.5.0, the issue might occur. Upgrade your management server and agent to version 6.5.1 or later, and apply Windows prevention policy of the same version. 
For information about the supported upgrade paths and upgrade processes, see the Supported upgrade paths from SES: CSP 6.5.0 to later versions section on this page.

Approach 2 – Add required rules to the 6.5.0 policies

If you want to continue using the 6.5.0 Windows prevention policies, add additional rules in the Windows Netsvcs Services sandbox by performing the following steps:
  1. In the management console, edit the Windows prevention policy.
  2. Under Advanced Policy Settings, click Sandboxes.
  3. Under OS Sandbox Options, click Edit[+] for the Windows Netsvcs Services sandbox.
  4. Under Registry Rules > Writable Resource List, select and click Edit[+] for one of the following:
    • Allow but log modifications to these Registry keys 
    • Allow modifications to these Registry keys
  5. Click Add.
  6. You can choose to add either a single generic rule, or multiple specific rules. 
    Depending on how you want to add the rules, enter the following details:
    Rule type Entries on the "Resource Path" field Entry on the "Program Path" field
    Single generic rule \REGISTRY\MACHINE\SYSTEM\*controlset*\services\* %systemroot%\system32\svchost.exe.
    Multiple specific rules
    • \REGISTRY\MACHINE\SYSTEM\*controlset*\services\MpsSvc\*
    • \REGISTRY\MACHINE\SYSTEM\*controlset*\services\TaskSchedulerSvc\*
    • \REGISTRY\MACHINE\SYSTEM\*controlset*\services\VSS\*
    • \REGISTRY\MACHINE\SYSTEM\*controlset*\services\iphlpsvc\*
    • \REGISTRY\MACHINE\SYSTEM\*controlset*\services\netsetupsvc
    %systemroot%\system32\svchost.exe.
  7. Click OK.
  8. Click Apply. When prompted to submit the changes, click Submit
  9. Click OK.
  10. Apply or reapply the policy to the agent.

​Supported upgrade paths from SES: CSP 6.5.0 to later version

To resolve this issue, you can directly upgrade SES: CSP 6.5.0 to 6.5.1. To learn about the incremental upgrade paths from 6.5.0 to the latest current version, see the following online documentation links:
To learn about the management server and Windows agent upgrade processes, see the following online documentation links: