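Symantec DCS: Agent does not apply the new Policy when a Policy is applied to a Group

Problem:

When a Policy is applied to a Group, the Agent does not apply the new Policy.

Solution:

When the Agent itself has a Policy and a Policy is then applied to a Group, the Agent gives priority to its own Policy. If the Agent has no Policy of its own, it uses the Policy of the nearest Group (when Groups are nested in multiple levels).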

# As shown in the figure:

Agent:Q048: the currently applied Policy is 3 v5.2.9 r560

Group1: the currently applied Policy is 2 v5.2.9 r560

# You can see that Group has no Prevention Policies. Now Apply Policy to Group.

# At this point, Agent:Q048 has not applied the new Policy

# Clear Policy on Agent:Q048

# Agent:Q048 has now applied a new Policy: 2 v5.2.9 r560 (Group1's Policy)

# Next, Clear Policy on Group1

# Agent:Q048 has now applied a new Policy: 1 v6.0.0 r87 (Group's Policy); Group1 now has no Policy

# Apply Policy to Group again

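# You can see that Agent:Q048 has applied the new Policy: 4 v6.0.0 r87 (Group's Policy)

※ Therefore, if a Policy applied to a Group does not take effect on the Agents in that Group, first check whether a Policy has been applied directly to the Agent, or whether another Policy has been applied to a Group closer to the Agent in the hierarchy. If so, Clear Policy on those unrelated assignments first; the Policy that was originally applied will then take effect.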
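The precedence rule and the walkthrough above can be replayed in a small model. This is an added example, not code from the original page or from Symantec: the `Node` class, the function names and the Group > Group1 > Agent:Q048 hierarchy are assumptions inferred from the steps, and `shadowing_nodes` performs the check the note above recommends.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Node:
    """An Agent or Group in a constructed model of the console hierarchy."""
    name: str
    parent: Optional["Node"] = None
    policy: Optional[str] = None  # policy applied directly to this node, if any

def effective_policy(agent: Node) -> Tuple[Optional[str], Optional[str]]:
    """Own policy wins; otherwise the nearest group upward that has one."""
    node = agent
    while node is not None:
        if node.policy is not None:
            return node.policy, node.name
        node = node.parent
    return None, None

def shadowing_nodes(agent: Node, group: Node) -> List[str]:
    """Nodes below `group` (agent included) whose own policy hides group's policy."""
    blockers, node = [], agent
    while node is not None and node is not group:
        if node.policy is not None:
            blockers.append(node.name)
        node = node.parent
    if node is None:
        raise ValueError(f"{agent.name} is not a member of {group.name}")
    return blockers

def replay_walkthrough():
    """Replay the page's steps; record (effective policy, blockers) after each."""
    group = Node("Group")  # assumed parent of Group1
    group1 = Node("Group1", parent=group, policy="2 v5.2.9 r560")
    agent = Node("Q048", parent=group1, policy="3 v5.2.9 r560")
    actions = [(group, "1 v6.0.0 r87"),   # Apply Policy to Group
               (agent, None),             # Clear Policy on Agent:Q048
               (group1, None),            # Clear Policy on Group1
               (group, "4 v6.0.0 r87")]   # Apply Policy to Group again
    steps = []
    for node, policy in actions:
        node.policy = policy
        steps.append((effective_policy(agent), shadowing_nodes(agent, group)))
    return steps

if __name__ == "__main__":
    for (policy, source), blockers in replay_walkthrough():
        print(f"effective={policy!r} from {source}; Group policy shadowed by {blockers}")
```

A non-empty blocker list for an agent means the Group's Prevention Policy is not the one being enforced on it, which is the condition to look for after any group-level rollout.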

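Unable to reinstall the DCS Agent

After removing the DCS Agent through Add/Remove Programs and rebooting, the DCS Agent cannot be installed again.

The following error appears: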

error!An agent uninstallation requires a reboot.
please reboot system before running installation.

Run regedit

Locate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
and delete the PendingFileRenameOperations value inside it.

Or write it as a batch file:
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /f

If installation still fails, also add the following:

REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\SISIDSRegDrv" /f
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\SISIPSDriver" /f
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\SISIPSNetFilter" /f
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\SISIPSNetFilter" /f

The DCS Agent uninstall command is as follows:

MsiExec.exe /X{3D24482F-98BD-48DD-AA62-8B24BFDE7329} /qn

【Unattended uninstallation of an agent】
You can perform an unattended (silent) uninstallation of an agent using the
agent.exe or agent-windows-nt.exe executable and InstallShield and Windows
Installer commands.
The following command structure shows the sequencing:
MsiExec.exe /X{<PRODUCT CODE>} /qn /l*v!+ <UNINSTALL LOG FILE>
The <PRODUCT CODE> is the Symantec Critical System Protection uninstall
string necessary for MsiExec.exe. It is in the following directory:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

For Windows 2008 64-bit system, the <PRODUCT CODE> is in the following
directory:
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
Browse the list of IDs. Locate the Symantec Critical System Protection agent
application by looking at the properties in the right pane. Note the
UninstallString string, and copy and modify it. For example:
MsiExec.exe /X{3D24482F-98BD-48DD-AA62-8B24BFDE7329} /qn /l*v!+ C:\SISAgentUninstall.log
The system reboot is suppressed after the uninstallation.

"Unable to Store Certificate" when logging to Symantec Data Center Security (DCS) console

"Unable to Store Certificate" when logging to Symantec Critical System Protection (SCSP) console

http://www.symantec.com/business/support/index?page=content&id=TECH144027


Cause

Console failed to create certs folder inside the installation directory.

Solution

Create the certs folder inside the installation directory for console and give it full permissions for the user who is logged in. The default path for the console folder is:

for SCSP

C:\Program Files\Symantec\Critical System Protection\Console

for DCS

C:\Program Files (x86)\Symantec\Data Center Security Server\Console