You can resolve this issue by adopting one of the two following approaches:
Approach 1 – Product and policy upgrade
- If the SES: CSP management server and agent are on a version later than 6.5.0, and you have applied old SES: CSP 6.5.0 Windows prevention policy on the agent, the issue might occur. Apply Windows prevention policies of the same version as the management server and agent.
- If the SES: CSP management server, agent, and applied Windows prevention policy is of version 6.5.0, the issue might occur. Upgrade your management server and agent to version 6.5.1 or later, and apply Windows prevention policy of the same version.
For information about the supported upgrade paths and upgrade processes, see the Supported upgrade paths from SES: CSP 6.5.0 to later versions section on this page.
Approach 2 – Add required rules to the 6.5.0 policies
If you want to continue using the 6.5.0 Windows prevention policies, add additional rules in the Windows Netsvcs Services sandbox by performing the following steps:
- In the management console, edit the Windows prevention policy.
- Under Advanced Policy Settings, click Sandboxes.
- Under OS Sandbox Options, click Edit[+] for the Windows Netsvcs Services sandbox.
- Under Registry Rules > Writable Resource List, select and click Edit[+] for one of the following:
- Allow but log modifications to these Registry keys
- Allow modifications to these Registry keys
- Click Add.
- You can choose to add either a single generic rule, or multiple specific rules.
Depending on how you want to add the rules, enter the following details:
Rule type |
Entries on the "Resource Path" field |
Entry on the "Program Path" field |
Single generic rule |
\REGISTRY\MACHINE\SYSTEM\*controlset*\services\* |
%systemroot%\system32\svchost.exe. |
Multiple specific rules |
- \REGISTRY\MACHINE\SYSTEM\*controlset*\services\MpsSvc\*
- \REGISTRY\MACHINE\SYSTEM\*controlset*\services\TaskSchedulerSvc\*
- \REGISTRY\MACHINE\SYSTEM\*controlset*\services\VSS\*
- \REGISTRY\MACHINE\SYSTEM\*controlset*\services\iphlpsvc\*
- \REGISTRY\MACHINE\SYSTEM\*controlset*\services\netsetupsvc
|
%systemroot%\system32\svchost.exe. |
- Click OK.
- Click Apply. When prompted to submit the changes, click Submit.
- Click OK.
- Apply or reapply the policy to the agent.
Supported upgrade paths from SES: CSP 6.5.0 to later version
To resolve this issue, you can directly upgrade SES: CSP 6.5.0 to 6.5.1. To learn about the incremental upgrade paths from 6.5.0 to the latest current version, see the following online documentation links:
To learn about the management server and Windows agent upgrade processes, see the following online documentation links: