Migrating to the latest version
Migrating legacy detection policy files
Your legacy detection policy files may have both enabled and disabled rules. The enabled and disabled status of the rules is also migrated.
Migration involves understanding the following processes and concepts:
■ Converting legacy detection policy files
■ Importing the zip file
■ Creating a new policy
■ Validating your rules
■ Validating rule types and criteria
■ About configuring an option group
■ Compiling your policy
■ Applying policies created and compiled in the authoring environment
Before attempting migration, you should be comfortable with using the Symantec Critical System Protection authoring environment.
See the Symantec Critical System Protection Authoring Guide for instructions on creating and compiling detection policies.
You must also understand rule types, which are a new feature.
Converting legacy detection policy files
You run the policy conversion utility from a command prompt. The syntax is as follows:
ITAHIDSpolicyMigration.exe <sourceFolderPath> <destFolderPath>
The policy conversion utility eliminates spaces in policy and rule names, and supports conversion to policy files. This is accomplished using command line switches.
The