Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Determining which policy is applying to a process is useful when trying to diagnose whether or not a policy is being applied correctly. Below are steps for the Arellia Management Server and Symantec Management Agent using Arellia 7.5 Application Control Agents.

Arellia Management Server

  1. Open the Event Viewer on the agent machine.
  2. Navigate to Application and Service Logs > Arellia
  3. Look through the most recent events for log messages that say whether or not a policy applies to a specific process.
    1. If a policy does apply the message will read – "Policy {F289D632-9665-40B0-BC19-0FE8A899A107} (priority 45) applies to process 3468 via Process 3468 (C:\Location\NameOfApplication.exe)  Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe"
    2. If a policy does NOT apply the message will read - "No policies applies to process 2028 (C:\Location\NameOfApplication.exe)  Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe"
  4. You can look up the exact policy that is catching an application by navigating to http://NameOfServer/Ams/SecurityManager#/Policies/f289d632-9665-40b0-bc19-0fe8a899a107
    1. where after "policies/" is the GUID of the Policy that applied to a certain process.

Symantec Management Agent

  1. Logs for Arellia Application Control can be found in these locations.
  2. Using a Symantec Log Viewer the messages for whether or not a policy is applying to a process or not are the same as above.
  • No labels