AnsweredAssumed Answered

Process Protection Policy Failure

Question asked by bbenny on Jun 1, 2015
Latest reply on Jun 15, 2015 by Vinay Kumar Reddy Karri

Dear Community

 

I'm trying out a policy to protect the cmd.exe console and when checking the protection, the policy is not working and the status of recorded event is as follows:CA ControlMinder Access mask removal notification.

 

Please if you could help me with this problem.

 

Sending the code of politics and the image of the endpoint audit logs.

 

Policy

---------

Script de Implementacion

------------------------------------

#Definicion de variables
er ACVAR CMCMD value(cmd.exe)
#Configuracion de politica de proteccion de proceso
editres PROCESS <!CMCMD> owner(nobody) defaccess(none)

 

Script de Anulacion de Implementacion

------------------------------------------------------
#Removiendo recurso de tipo archivo
rr PROCESS <!CMCMD>

 

PoliticaProteccionDeProcesoFalla.png

 

Thanks in advance for your help.

Outcomes