3 Replies Latest reply on Mar 7, 2016 3:24 PM by justingoldberg

    User-Defined Rules for servers

    tom981

      I'm going through adding user defined rules for cryptolocker as laid out in the article below. All of my desktops are getting these new rules with no problem but none of my servers are. I applied the rules under "my organization" and made them under server and workstation. Nothing that i can see is blocking the inheritance. Any idea where i should begin looking? Thanks in advance

       

      https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 25000/PD25203/en_US/Cryptolocker_Update_…

        • 1. Re: User-Defined Rules for servers
          tmf

          ePolicy Orchestrator 5.1.2 (Build 348) - Mozilla Firefox_4.png

           

          Have you applied them there?

          • 2. Re: User-Defined Rules for servers
            tom981

            My apologies for not posting my findings. I had everything correct. I did the workstations one day then servers the next day. MS patches were installed that night and something stopped my clients from communicating with the server. After a reboot everyone got the correct policies. Thanks for your response.

            • 3. Re: User-Defined Rules for servers
              justingoldberg

              If you want to duplicate the rules from workstations to servers, here's a note I wrote up:

              To duplicate the workstation rules onto the server rules in epo, export the xml file.

               

              - search for Wrkstn_APRules

              - Copy all the rules below it (eg Setting name="APRuleBlock* )

              - Paste the rules below <Section name="Server_APRules">

              - Modify this value after the server rules so that it matches the workstation (it's a count of the number of rules): <Setting name="dwAPRuleBlocks" value="23"/>

              - modify this name so there won't be a duplicate policy name when imported, otherwise it will overwrite the existing policy: <EPOPolicySettings name="My Defaults: (the name between " and : )

              - change the name here to match the above name: <EPOPolicyObject name="

              - change the name here as well: <PolicySettings>

               

              Then do an import. If you changed the name to something new, then they will be imported into a new policy, otherwise they will overwrite the existing policy that you originally exported.

               

              However, what we are doing internally is deploying all as one type, workstations. It keeps things simpler, and so far has worked for us.