4 Replies Latest reply: Mar 12, 2013 2:17 AM by stickman RSS

    policy not replicating in epo

    stickman

      Hi there guys,

       

      Hope you guys can help with this one. New exclusions have been added in the On-Access Default Processes Policies but its not replicating to the agents. Think this might be because of database connection errors but not sure myself. Found the following line in the orion log:

       

      2013-03-08 07:55:55,114 WARN  [http-50505-Processor21] element.QueryDashboardElementFactory  - Cannot create dashboard element with query. Reason: user not authorized to access table PAAuditBenchmarkResultView

       

      Full logs attached.

       

      Regards,

       

      Stephan

       

      Message was edited by: sgriesel on 3/8/13 7:21:19 AM CST

       

      Message was edited by: sgriesel on 3/8/13 7:32:43 AM CST
        • 1. Re: policy not replicating in epo
          jenkinski

          Stephan,

           

          The error you mention won't have anything to do with On-Access policies. The noted error would only have a potential effect on Policy Auditor.

           

          There are too many variables to know for sure. But if you're agent is communicating correctly (which it appears to be), there's probably an inheritance issue foobar. Or what many people forget to do is select 'Server' or 'Workstation' in the policy modifications.

           

          Sometimes the simple answers are the ones we forget about! BTW of course make sure your Apache (ePO Server) is running... that controls agent server comms but isn't necessary for logins and policy mods.

          -KJ

           

          Message was edited by: jenkinski on 3/8/13 6:02:23 PM CST

           

          Message was edited by: jenkinski on 3/8/13 6:03:05 PM CST
          • 2. Re: policy not replicating in epo
            stickman

            Hi Jenkinski,

             

            Thank you for your reply.

             

            I double checked the "server" modification and it is selected:

             

            exclusionpolicy.JPG

             

            Also checked the Apache service running, all looks good:

             

            exclusionpolicy2.JPG

            • 3. Re: policy not replicating in epo
              jenkinski

              Perhaps a little more details as to why you believe it is not replicating. What is being blocked/scanned? The assumptions are:

               

              The systems are communicating

              The systems don't have broken inheritance

              You are 'over writing client rules'

              The processes tab for default says to use 'one policy for all processes'

              It is in fact a VSE on-access block and not a HIPS, Artemis or firewall block

              • 4. Re: policy not replicating in epo
                stickman

                I added few exclusions to test, please see image above to

                 

                The following files are being excluded on the Exchange machine to scan:

                 

                c:\stephan\*

                c:\stephan\test\*.*

                c:\stephan\test2\*.*

                 

                I logged onto the Exchange server, opened the "On Access Scan Properties" and the exclusion number in brackets not increasing. See image below.

                 

                EXLUSIONS.JPG

                 

                The policy im using was duplicated from original exchange policy to test and does not inherit.