Determining which policy is applying applied to a process is useful when trying to diagnose diagnosing whether or not a policy is being applied correctly. Below are steps for the Arellia Management Server and Symantec Management Agent using Arellia 8.0 Application Control Agents.
...
To determine which policy is applied, do the following steps:
- Open the Arellia Agent Logs (for details, go to Viewing the Agent Logs).
- If a policy is being applied to a process, then:
- The log message will read – "Policy {F289D632-9665-40B0-BC19-0FE8A899A107} (priority 45) applies to process 3468 via Process 3468 (C:\Location\NameOfApplication.exe) Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe."
- You can look up the policy in the Security ManagerManager Console by using the GUID from the log message like so: http://NameOfServer/Ams/SecurityManager#/Policies/f289d632-9665-40b0-bc19-0fe8a899a107
- If a policy does NOT apply not apply the log message will read: "No policies applies to process 2028 (C:\Location\NameOfApplication.exe) Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe."