Hi there guys,
Hope you guys can help with this one. New exclusions have been added in the On-Access Default Processes Policies but it's not replicating to the agents. Think this might be because of database connection errors but not sure myself. Found the following line in the orion log:
2013-03-08 07:55:55,114 WARN [http-50505-Processor21] element.QueryDashboardElementFactory - Cannot create dashboard element with query. Reason: user not authorized to access table PAAuditBenchmarkResultView
Full logs attached.
Message was edited by: sgriesel on 3/8/13 7:21:19 AM CST
Message was edited by: sgriesel on 3/8/13 7:32:43 AM CST
The error you mention won't have anything to do with On-Access policies. The noted error would only have a potential effect on Policy Auditor.
There are too many variables to know for sure. But if your agent is communicating correctly (which it appears to be), there's probably an inheritance issue foobar. Or what many people forget to do is select 'Server' or 'Workstation' in the policy modifications.
Sometimes the simple answers are the ones we forget about! BTW of course make sure your Apache (ePO Server) is running... that controls agent server comms but isn't necessary for logins and policy mods.
Message was edited by: jenkinski on 3/8/13 6:02:23 PM CST
Message was edited by: jenkinski on 3/8/13 6:03:05 PM CST
Thank you for your reply.
I double checked the "server" modification and it is selected:
Also checked the Apache service running, all looks good:
Perhaps a little more detail as to why you believe it is not replicating. What is being blocked/scanned? The assumptions are:
The systems are communicating
The systems don't have broken inheritance
You are 'over writing client rules'
The processes tab for default says to use 'one policy for all processes'
It is in fact a VSE on-access block and not a HIPS, Artemis or firewall block
I added a few exclusions to test, please see image above to
The following files are being excluded on the Exchange machine to scan:
I logged onto the Exchange server, opened the "On Access Scan Properties" and the exclusion number in brackets is not increasing. See image below.
The policy I'm using was duplicated from the original Exchange policy to test and does not inherit.