ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
DCS IPS policy remains disabled for approx 10+ minutes after a power up cycle
Article ID: 239346
Data Center Security Server Advanced
A policy has been set to override for 30 minutes on a Linux server
The Linux computer is shut down and is in an off state for an hour
The computer is started up again. The expectation is that, since the override was for 30 minutes and the computer was off for 30 minutes longer than the override period, that the IPS/Prevention Policy will become effective immediately
Instead, when Linux host is loads the agent, and the IPS driver-- the IPS continues to be in a disabled state for approximately 8-10 minutes. Sometimes longer
Steps to Reproduce:
Override the SDCSS Prevention policy for 15 minutes.
Shutdown the host for 30 minutes. Let the override timer expire when the host is in power down state
Power up the host.
After power-up, observe that the Prevention Policy remains disabled Disabled even though the timer set by the user has expired.
It takes approximately 8-10 minutes to update the Policy Prevention to Enable
SDCSS Agent is not adhering to the policy override timer set by the user. It is allowing additional time without IPS enabled. This may lead to security attacks while the user is under false assumption that IPS would be enabled immediately after timer expiry.