Symantec Critical System manual Temporarily disabling Windows NT agents

C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin

To reset the prevention policy

1On the agent computer, open a command prompt.

2At a command prompt, type the following command, and then press Enter: sisipsconfig -r

------------------------------------------------

Agent Configuration Tool version 5.0.0.240

------------------------------------------------

The agent will now use the built-in policy c:\>

3Reboot the agent computer, and then start the management console.

In the management console, on the Assets page, the agent is marked with an exclamation point (!) to indicate a policy error. When you select the agent, the following message appears in the Details pane, on the Policies tab:

! Policy Errors:

**Policy error has occurred at 17-Nov-2005 05:55:56 EST Driver is using the built-in policy and not the assigned policy.

4In the management console, apply the desired policy to the agent, and then give appropriate permissions to the desired programs.

Temporarily disabling Windows NT agents

Because Windows NT Server does not provide a safe mode startup, you cannot temporarily disable agents that run on Windows NT Server by booting the agent computer in safe mode and then resetting the prevention policy.

To temporarily disable agents that run on Windows NT Server, you create an alternate hardware profile with the following drivers disabled:

■Symantec IPS driver

■Symantec IPS TCP filter driver

■Symantec IDS Registry driver

Warning: Use the alternate hardware profile method only if you cannot disable intrusion prevention using other methods. You must create the alternate hardware profile before using Symantec Critical System Protection with intrusion prevention enabled.

To temporarily disable Windows NT agents, you must disable intrusion prevention on the agent.