Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
This discussion is archived
187 Views 0 Replies Latest reply: Jan 16, 2013 10:35 PM by protector RSS
protector Newcomer 47 posts since
Oct 31, 2007
Currently Being Moderated

Jan 16, 2013 10:35 PM

Policies assignment changed on it's own

We encountered an issue today that was very odd.  We have policies assigned at the organizational level.  Today we received a report that an application was having issues.  When we reviewed the policy we noticed that it was a completely different policy assigned at the organizational level.  We reviewed the audit log and saw the following entries for a particular user which included the policy that suddenly changed.  The problem was that this user was not logged in to the console at the time that  all this was logged.  This is just a slice of what we see and these entries went on for about 16 hours.  We haven't been able to verify that all the policies are assigned correctly but what we did notice was that this affected only the HIPS policies, including IPS, Application Blocking, and Firewall.  Per the audit log it deleted, created, saved then assigned every single policy created for all components of HIPS.  We have run every custom report to try to identify how this occurred.  We have reviewed every single server task to ensure that we have a misconfigured task with this user.  At this time we are looking for any suggestions or thougts. 

 

 

 

 

 

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points