Cisco Systems DOC-78-17916 manual All platform Desktops All types or Servers All types

Models: DOC-78-17916


Chapter 2 Deployment Planning

Policy Tuning and Troubleshooting

logging the behavior of the rules used by members of the Administrator group. Monitor policies can be used in clever ways to focus in on specific behavior without interrupting applications and services.

Set up separate agent kits to support the different features of your pilot. For example, you might have some desktop kits that have all policies in test mode, some desktop kits with a basic set of well-tested policies in live mode plus one experimental policy in test mode, and so forth. Labelling these kits clearly will help your pilot participants download the right set of policies you want to test and give you clear feedback on areas needing improvement.

There are two general approaches to policy creation, and the approach you choose affects how you tune and troubleshoot the policies:

Using the supplied Desktop and Server group policies plus a few application-specific policies. In this scenario, you attach each participating host to the following groups:

<All <platform>>

Desktops - All types or Servers - All types

A task-specific group, such as Servers - Apache Web Servers or Servers - SQL Server 2000

Then, you attach each group to the following policies:

A Virus Scanner policy. CSA supplies policies for Norton, McAfee, and Trend antivirus software. If you are using a different antivirus product, you might need to use the generic Virus Scanner policy, or clone it and make modifications to suit your virus scanner application.

An Installation Applications policy. CSA supplies installation software policies for Windows, Linux, and Solaris.

Note: If you do not attach antivirus and installation policies to each participating group of hosts, the CSA event logs will contain a large number of false positives, making it difficult to manage the pilot.

After attaching the Desktop and Server groups, Virus Scanner policy, and Installation Application policy, you are ready to create agent kits, start the pilot, examine the event log, and stage the next policy additions. For example, if you have a prioritized list of applications to protect, start with the first on the list, use the Analysis -> Application Behavior Investigation tool to

 

 

Installing Management Center for Cisco Security Agents 5.2

78-17916-01