CSA 4.5 MC db question

Greeting all. I wanted to ask a question regarding information in a CSA 4.5 MC database.
When I open the EventListView view, there's a column titled ButtonCode. Typical values are 0-4. Does anyone know what these values mean/represent?
Thanks in advance.

They are what the user chose when queried by a rule.
I believe they are :
1- Yes
2- No
3- Not sure as I didn't have any
4- Terminate
Tom S

Similar Messages

  • CSA MC Profiler question

    How to enable Profiler oprion in the CSA-MC menu? During the installation of CSA-MC, i had installed the CSAMC license file when it asked for it but i m unable to see the profiler option, plz help

    As I recall, that's the message you get if you try to run it and the license isn't installed. Check under Maintenance>License Information to see if Cisco Security Agent Profiler is listed there.

  • General question about csa

    Hi,
    Does the CSA cover buffer overflows from all applications?
    Thanks,
    Lisa G

    Hi Lisa,
    As far as I know CSA see all buffer overflows if you have the rule active and you haven't made an exception for an application.
    I have buffer overflow messages from a bunch of applications and made exceptions for around 40.
    HTH
    Tom

  • CSA MC Question

    We have implomented CSA MC into our network, We also currently use lotus Notes and have experainced quite a lot of issue with it with reagrds to rules and polices..
    Does anybody else use Notes with CSA..?

    Yes we do. And everything that is launched from within Lotus Notes is a problem. One way would be to remove nlnotes from the mail executable list, but then you lose all the csa mail related protections.

  • CSA 5.2.0225, Rule 576, and saving attachments in Outlook 2003

    We're in the process of migrating from 4.5.6139 to 5.2.0225; thus far, the migration is going extremely well - with one bizarre issue haunting my sleep.
    I started seeing this behavior about 2 weeks ago, on machines that (so far as I can determine) have not had any changes made (ie, the latest round of Windows Updates have not been applied, the machines are tightly controlled, no software has been installed). It also impacts some machines running CSA 4.5.6139.
    However, it does not impact ALL machines - only we have a couple machines that are not impacted.
    Versions of Outlook include 2000 and 2003; all machines are Windows XP Sp2, current with patches with the expcetion of August 2007 batch.
    Scenario: user opens an e-mail, and right clicks on an attachment to save it. When the common dialog control for saving as comes up, the "My Computer" icon is missing - replaced with the "blank" generic Windows icon, and CSA triggers rule 576, saying that Outlook.Exe attempted to access Explorer.Exe, and was denied.
    Additionally, the machine might display more icons as blank: for example, one of our admins has the ASA ASDM Launcher on his desktop, and that shows up with a blank icon in the save as dialog, and Rule 576 is triggered with "Outlook attempted to access ADSM.exe and was denied."
    In attempting to get a handle on this issue, I have put the entire "Untrusted Classification Content Module" into test mode, reset the agent on a test machine, and still rule 576 is triggered - which strikes me as bizarre, if I understand the triggering conditions correctly.
    Anybody have any thoughts?
    This is not a showstopper, but I'm concerned because I don't understand why this rule has started to get triggered when we have made no change to our environment.
    TIA.

    Tom,
    Not sure I quite understand.
    I'm looking at the MC, and see that "Untrusted Content Classification Module" is associated with the "Application Classification" poilcy, which is included as part of the "All Windows" group.
    I was operating under the assumption that, since it is included in this policy as part of "All Windows", this was the module responsible for doing the content classification. Indeed, if I turn on logging for some of the rules, it's pretty active - and pretty active in setting e-mail content as "untrusted".
    Rule 576, the one firing, is (according to the description), blocking access to @dynamic - dynamically quarantined files.
    My thought was that I could create exceptions so that common stuff like "excel.exe" would not be tossed into @dynamic, and hence, Outlook could access Excel.Exe, and display the appropriate icon for spreadsheets.
    But then I get all confoozled by the fact that I have some machines, with the same OS/SP/patch level, same AntiVirus, and same group membership in CSA, which do not exhibit this problem.
    (If you read closely, there's a question buried in all the above. I just can't quite get it out due to my ignorance with how CSA is working it's magic.)
    Thanks for taking the time to help with this.
    Bob

  • Facing short dumps when trying to open session in CSA

    Hi
    All am facing Short dump when i am trying to open session in CSA
    Error detials:
    go to System Administration workcenter  task management up CSA. Choose the Solution
    got short dump:
    Short text
        Length error occurred in IMPORT statement.
    What happened?
        Error in the ABAP Application Program
        The current ABAP program "SAPLDSVAS_PROC" had to be terminated because it has
        come across a statement that unfortunately cannot be executed.
    Error analysis
        An exception occurred that is explained in detail below.
        The exception, which is assigned to class 'CX_SY_IMPORT_MISMATCH_ERROR', was
         not caught in
        procedure "LOAD" "(METHOD)", nor was it propagated by a RAISING clause.
        Since the caller of the procedure could not have anticipated that the
        exception would occur, the current program is terminated.
        The reason for the exception is:
        During import the system discovered that the target object has
        a different length than the object to be imported.
    Missing RAISING Clause in Interface
        Program                                 SAPLDSVAS_PROC
        Include                                 LDSVAS_PROCTAI
        Row                                     1.431
        Module type                             (METHOD)
        Module Name                             LOAD
    Trigger Location of Exception
        Program                                 SAPLDSVAS_PROC
        Include                                 LDSVAS_PROCTAI
        Row                                     1.514
        Module type                             (METHOD)
        Module Name                             LOAD
    Please help me to solve this problem
    Regards,
    Neni

    Hello Neni
    According to the information I saw in that post it could be caused by a sort of inconsistency of the program code vs a structure.
    Wether that is a bug that is in your SAP Solution Manager release or something that is caused by administrative actions (perhaps solving SPAU entries after SP stack update or upgrade) I cannot tell.
    I would recommend you either try and find a relative SAP note (narrowing down result to only your SAP Solution Manager system) and searching using the dump keywords. If you cannot find anything I would recommend you to open a customer message so SAP can take a look at the specific error.
    If you give more information, perhaps someone on the forum can help you out abit better, which SAP Solution Manager version and so on.
    You also didn't answer my question, any recent changes you are aware of ?
    Kind regards
    Tom

  • MS Exchange Server and CSA 5.1

    Hi folks,
    i have a question about policies in CSA 5.1.where can i find a predefined modul for MS Exchange Mail Server ?

    hi scothrel,
    thanks i will do it..
    Klaus

  • CSA 5.1.0.88 security update?

    I could have sworn I read a recent Cisco PSIRT highlighting some CSA vulnerabilities and 5.1.0.88 was identified as the fixed version. However, I do not see that version available for download anywhere. My current CSA deployment is 5.1.0.74, although I don't even see THAT version listed for download. The most superior version is 5.1.0.69.
    To the point, what is the most updated version of CSA and where can I find it? Thanks.

    Never mind, answered my own question.
    Cisco lists the "CSA Hotfixes" at a separate URL from the main "Download CSAMC" link. Which, doesn't make any sense to me why they wouldn't have a unified resource for listing all versions. But, regardless - CSA main tracks can be found here:
    http://www.cisco.com/cgi-bin/tablebuild.pl/csa
    Hotfixes can be found here:
    http://www.cisco.com/cgi-bin/tablebuild.pl/csahf-crypto

  • CSA 5.1 Agent Installation on Microsoft Clusters with Teamed Broadcom NICs

    I'm searching all over Cisco.com for information on installing CSA 5.1 agent on Microsoft Clusters with Teamed Broadcom NICs, but I can't find any information other than "this is supported" in the installation guide.
    Does anyone know if there is a process or procedure that should be followed to install this? For example, some questions that come to mind are:
    - Do the cluster services are needed to be stopped?
    - Should the cluster be broken and then rebuilt?
    - Is there any documentation indicating this configuration is approved by Microsoft?
    - Are there case studies or other documentation on previous similar installations and/or lessons learned?
    Thanks in advance,
    Ken

    Ken, you might just end up being the case study! Do you have a non-production cluster to with?
    If not and you already completed pilot testing, you probably have an idea of what you want to do with the agent. Do you have to stop the cluster for other software installations? I guess you might ask MS about breaking the cluster it since it's their cluster.
    The only caveat I've seen with teamed NICs is when the agent tries to contact the MC it may timeout a few times. You could probably increase the polling time if this happens.
    I'd create an agent kit that belongs to a group in test mode with minimal or no policies attached to test first and install it on one of the nodes. If that works ok you could gradually increase the policies and rules until you are comfortable that it is tuned correctly and then switch to protect mode.
    Hope this helps...
    Tom S

  • CSA 5.1 and Mircrosoft Exchangeserver

    Hi folks,
    i have a question about policies in CSA
    Hi folks,
    where can i find a predefined modul for MS Exchange Mail Server in CSA 5.1 ?
    i see a lot of predefined moduls for linux but not for MS.
    thanks for your help
    Klaus

    I have run into the same issue. A solution that I used is to download the "Cisco Security Agent for IP communications", specifically, for unity (unity depends on exchange heavily) and import the policies/rules into the CSA MC. Then find the relevant policies/rules for exchange and copy them. Use the copies to make your own exchange policy. Here is the link to download the CSA for IP Communications: http://www.cisco.com/pcgi-bin/tablebuild.pl/unity3d
    Hope this helps
    M

  • CSA Queue problems

    Hi
    Gurus, I need some recomendation to improve the CSA´s queue processing in CRM system.
    The only applications set in CRM is Marketing Planning, Promotion, Segmentation and Master Data (Customer and Products). Well, I set up Middleware to transfered Customers and Materials from R3 to CRM only. Now we are in go live stage and  I´m  notice there are a lot queue created into Inbound Queue,  most of them (95%) are CSA* queue.
    I  guest that they are creations or updates of instances like:  Business Partner, Marketing Element and Planning, It is leading serious problem of performance issue. My question are:
    Why these queue are created,   if I don´t need replicated them to any system? more ever if  updates are already done on the instances!!!
    Does it possible to avoid CSA* be created?
    NOTE: I boosted the number of Work Process, but the processing is slow still!!!!
    Thank you, I will reward good points

    Complete the registration information for the Cisco Security Agent license keys by referring to License Key Registration steps
    Note: Make sure to enter your correct email ID, as your license keys will be emailed to you.
    When you receive your license from Cisco, copy it to the system where you are installing CSA MC, or to a file share accessible from the CSA MC system.
    You can copy the license to CSA MC during the product installation. During the installation, you are prompted to copy the license into the CSA MC directory. If you choose ''YES'', you can browse to the license file on the system (or in an accessible file share), save it, and continue the installation. Or you can choose ''NO'' when prompted and copy the license when the installation has completed and the system is rebooted.
    If you did not copy your license to the CSA MC directory when you were prompted during the installation, you can copy your license to CSA MC as shown:
    Click Maintenance in the menu bar and select License Information. The License Information window appears.
    Browse to the license file by clicking Browse.
    Once the license file is located, click Upload to copy the file into the CSA MC directory.
    The CSA license should appear as: csaxxxxxxxxxxx.lic , with the xs as placeholders for the numbers.

  • Re-install CSA after manual removal

    My client sent Microsoft's Hive Clean Tool out via SMS and one of the install settings from it caused CSA on all the remote laptops that received it to go into full lockdown mode.
    Thankfully it was only a pilot that 650 users received, but the only way to fix them was to fedex them all a CD that ran a manual removal of CSA using the steps from Cisco.
    Now that they are all back online, we'd like to re-install CSA. When running the original agent kit that installed it, we get a message 'unable to start CSAControl Service'. The service was removed during the manual removal, but is not installed again as a service during the install.
    Platform is XP Tablet. CSA is v. 4.03. We are running the install as an admin. Does anyone have any ideas on getting it to re-install successfully?
    Thanks.

    Where can I get clear evidence of the supported platforms for 4.03? This could be a good reason to go ahead and upgrade all 9,000 tablets in the field.
    Yes on the reboot question. We also have found that we can install 4.0 successfully. We'll see if we can get our hands on a 4.5 agent kit.
    Does anyone know how to totally erase all evidence that CSA was installed on a client? The manual removal was deleting registry keys and some DLLs, but that was not a total uninstall.
    Thanks.

  • CSA MC Events Log and Agent Panel Events Corrolation

    I have recently install CSA MC 6.0.0.201 and the agent on a Win2003 server. I have a question of events showing up in the agent panel and not showing up in the MC events log.
    I see a number of events in the agent 'panel' event viewer. At the end of the event is a number in brackets like [176].
    When I look at the MC event viewer but those events are not being reported.
    My query is:
    #1 I believe the example [176} is the rule being triggered. So if the event is not showing up in the event viewer how to I find that rule in the policies? I finally did stumble across the rule and I see that logging is disabled for that rule, but finding that rule was a needle in the haystack search. Is there an easier way to find rules?
    #2 Maybe I do not understand this part but in the MC I placed this server (the one with the MC) into 'Audit Mode' in hopes that would get the events from the agent to show up in the MC event log. No good. Is there a way to get all events - even if the rule says to not log the event - so show up in the MC log so I can creat an exception?
    Thanks
    Larry

    Tom,
    I think I may have made some progress. Yes I'm in advanced mode. I went into Systems | Groups and first selected the 'Servers' and turned on logging. Still most the events in the agent event viewer were not making it to the MC event log.
    So I went back in to the Systems | Groups and found there was a group called 'Servers - CSA Management Center' and turned on logging there and that got the events to start flowing into the MC events.
    Maybe this will help me get going.
    Larry

  • CSA v5.1 - v5.2 Upgrade

    Hello,
    Just a question on upgrade. When upgrading from CSA MC v5.1 -> v5.2, will the v5.1 client still report to the MC before the it is upgraded to v5.2? Thanks,

    Yes, your clients with the 5.1 agent will still report to the same CSA Management Center after you perform an upgrade to 5.2.
    Hope this helps.

  • CSA on Solaris 10?

    CSA 4.5.1 only lists Sol 8; 5.0 lists up to Sol 9.
    Is there an expected ETA for support on Solaris 10 or would one of the current CSA versions be okay to use?

    Hi
    I'd like to know also if CSA is available on Solaris 10. You asked this question in January. Do you have more information? The current version of CSA is 5.1 and it supports Solaris 8 and 9. Do you know of any plans to support Solaris 10?
    Alex

Maybe you are looking for

  • Can I still have multiple Facebook accounts available with ios 6?

    Guys, Since upgrading to ios 6 there seems to be no function for easily accessing multiple accounts on our iPad, am I missing something? Jon

  • Lorex Edge Client Software Crashing, OS-X 10.7.4

    Greetings, Has anyone had any issues with Lorex video security application "Edge Client Software"? Every time it is launched it crashed (dump below). Any input greatly appreciated. Thank you, Lyman Process:     Edge Client Software [2684] Path:      

  • How can I delete a email that I created that won't delete

    I have created an email in Mac Mail 7.3, I decided I did not want to send it, so I trashed it. I continues to show up in DRAFTS, I have 'sent to trash', I have erase deleted items under Mailbox's I have done more that I can't remember but I haven't b

  • AWP and "Mark Of The Web"

    I'm trying to add the "mark of the web" to the pages that run the web player and it causes the web player not to run for me. All I get is an outline box where the player should be. If I take that code out, it works as normal. Any ideas?

  • Can't Uncompress Downloaded Files

    How do you uncompress the files to start the installation process?? I downloaded the 9 files for the Linux 8i EE edition, but the instructions to uncompress the files is not working. HELP!!!!