Determining which policy is applying to a process is useful when trying to diagnose whether or not a policy is being applied correctly. Below are steps for the Arellia Management Server and Symantec Management Agent using Arellia 78.5 0 Application Control Agents.
...
- Open the Event Viewer on the agent machine.
- Navigate to Application and Service Logs > Arellia
- Look through the most recent events for log messages that say whether or not a policy applies to a specific process. If a policy does apply the Arellia Agent Logs
- If a policy is being applied to a process, then:
  - The log message will read: "Policy {F289D632-9665-40B0-BC19-0FE8A899A107} (priority 45) applies to process 3468 via Process 3468 (C:\Location\NameOfApplication.exe) Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe"
  - You can look up the policy in the Security Manager by using the GUID from the log message like so: http://NameOfServer/Ams/SecurityManager#/Policies/f289d632-9665-40b0-bc19-0fe8a899a107
- If a policy does NOT apply, the log message will read: "No policies applies to process 2028 (C:\Location\NameOfApplication.exe) Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe"
- You can look up the exact policy that is catching an application by navigating to http://NameOfServer/Ams/SecurityManager#/Policies/f289d632-9665-40b0-bc19-0fe8a899a107 where the value after "Policies/" is the GUID of the policy that applied to the process.
Symantec Management Agent
- Logs for Arellia Application Control can be found in these locations.
- Using a Symantec Log Viewer, the messages that say whether or not a policy applies to a process are the same as above.
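
The following is an added example, not part of the original article or the vendor's tooling: it parses the two message shapes quoted above (from either log source) and builds the Security Manager link for each policy GUID. It assumes the messages have been exported as plain text, one per entry; the function names, the `NameOfServer` default and the sample lines are constructed for illustration.

```python
import re

# Message shapes as quoted on this page; everything else here is an assumption.
APPLIES = re.compile(
    r"Policy \{(?P<guid>[0-9A-Fa-f-]{36})\} \(priority (?P<priority>\d+)\) "
    r"applies to process (?P<pid>\d+) via Process \d+ \((?P<path>.+?)\) Source:")
NO_POLICY = re.compile(
    r"No policies applies to process (?P<pid>\d+) \((?P<path>.+?)\) Source:")

def policy_url(server, guid):
    """Security Manager link; the GUID is lower-cased as in the page's URL."""
    return f"http://{server}/Ams/SecurityManager#/Policies/{guid.lower()}"

def parse_message(message, server="NameOfServer"):
    """Classify one log message; returns None for unrelated messages."""
    m = APPLIES.search(message)
    if m:
        return {"applies": True, "pid": int(m["pid"]), "path": m["path"],
                "priority": int(m["priority"]), "guid": m["guid"].lower(),
                "url": policy_url(server, m["guid"])}
    m = NO_POLICY.search(message)
    if m:
        return {"applies": False, "pid": int(m["pid"]), "path": m["path"]}
    return None

def summarize(messages, server="NameOfServer"):
    """Per executable (case-insensitive path): matched policies and unmatched PIDs."""
    report = {}
    for message in messages:
        hit = parse_message(message, server)
        if hit is None:
            continue
        entry = report.setdefault(hit["path"].lower(),
                                  {"policies": {}, "unmatched_pids": []})
        if hit["applies"]:
            entry["policies"][hit["guid"]] = hit["url"]
        else:
            entry["unmatched_pids"].append(hit["pid"])
    return report

# Constructed sample: the page's two messages plus a path containing parentheses.
TAIL = " Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe"
SAMPLE = [
    r"Policy {F289D632-9665-40B0-BC19-0FE8A899A107} (priority 45) applies to "
    r"process 3468 via Process 3468 (C:\Location\NameOfApplication.exe)" + TAIL,
    r"No policies applies to process 2028 (C:\Location\NameOfApplication.exe)" + TAIL,
    r"No policies applies to process 4100 (C:\Program Files (x86)\Tool\tool.exe)" + TAIL,
    "Service started",
]

if __name__ == "__main__":
    for path, entry in summarize(SAMPLE).items():
        print(path, entry)
```

An executable that shows both a matched policy and unmatched PIDs in the summary is the case worth investigating when a policy appears to apply inconsistently.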