@sep1 entry in the CSP Intrusion Prevention Policy registry access rules causes all the registry writable rules to stop working

search cancel

@sep1 entry in the CSP Intrusion Prevention Policy registry access rules causes all the registry writable rules to stop working

book

Article ID: 393589

calendar_today

Updated On:

Products

Critical System Protection

Issue/Introduction

The customer is using the ImportFileList translation function and accidentally parsed an invalid character @sep1 entry from csv CSP agent event, and this resulted in the behavior that all registry writable rules for this sandbox stopped working.

Environment

CSP 8.0.2

Windows 10 64bit

Standalone Policy Deployment with sisipsconfig -P

Cause

When @sep1 is added to the xml list it is making the entire XML format invalid but because "-" sign was added.

Resolution

This behavior is by design. Usage of "-" sign in front of ImportFileList is optional, and it should be used with caution.

Remove "-" sign from list reference

Before the change:

%?-ImportFileList

After the change:

%?ImportFileList

Feedback

thumb_up Yes

thumb_down No