Updating a Data Center Security Server Advanced policy using the latest policy pack

book

Article ID: 223863

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

Symantec periodically releases policy packs that contain updates to the Data Center Security: Server Advanced policies. These policy packs contain internal improvements and additional policy option controls. To incorporate Data Center Security: Server Advanced policy updates with your policies, you use the Update Policy command.

Environment

Data Center Security Server-Intrusion Prevention & Intrusion Detection Policies

Resolution

In the Java console, click Policies.

Under the Policies tab, click Prevention or Detection.

In the Workspace pane, select a policy, and then right-click Update Policy.
 
To select multiple policies, press and hold the Shift or Ctrl key while selecting the policies.

In the Update Policy Wizard dialog box, select the Data Center Security: Server Advanced policy that you want to use to update your policy, and then click Next.

In the Update Policy Wizard dialog box, select the policy merge option.

In the Update Policy Wizard dialog box, click Finish to save your changes.

In the Java console, click Refresh.

(Optional) Reapply the updated policy to agents and policy groups.

Additional Information

Before you update a policy, you should note the following:

Make a backup copy of the policy that you want to update. This lets you revert to the pre-updated version in case any problems occur with the updated version.

When updating a policy that was applied to an agent, you must decide how you want to merge the option settings of the policy with the baseline settings of the 

Data Center Security: Server Advanced

 policy.

You can update a UNIX policy with a new UNIX policy, but you cannot update a UNIX OS-specific (for example, Solaris) policy with a new UNIX policy.

You may attempt to retain the policy settings by creating a new UNIX policy, and using the Copy Options command to copy the option settings from the Linux policy to the UNIX policy. The success of this approach depends on how many of the option and parameter names are consistent between the policies.

You can update multiple policies at once. When updating multiple policies, you are prompted to select a currently installed policy pack and choose a merge strategy to apply to all selected policies. The selected pack is searched for a new compiled policy with the same name and OS type as the old compiled policy. If a matching compiled policy is found, the policy is updated and merged. If a matching compiled policy is not found, the policy is not updated or merged. You will not see a results screen that lists which policies were updated. As an informal measure, the names of the policies being updated appear briefly on-screen. You can determine if a policy was updated by checking the policy settings.