How to determine if the policy is applying

Owned by Anonymous
Last updated: Feb 05, 2016 by Max Pinion (Deactivated)
1 min read

Determining which policy is applying to a process is useful when trying to diagnose whether or not a policy is being applied correctly. Below are steps for the Arellia Management Server and Symantec Management Agent using Arellia 7.5 Application Control Agents.

Arellia management server

  1. Open the Event Viewer on the agent machine.
  2. Navigate to Application and Service Logs > Arellia.
  3. Look through the most recent events for log messages that say whether or not a policy applies to a specific process.
    1. If a policy does apply the message will read – "Policy {F289D632-9665-40B0-BC19-0FE8A899A107} (priority 45) applies to process 3468 via Process 3468 (C:\Location\NameOfApplication.exe)  Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe."
    2. If a policy does NOT apply the message will read - "No policies applies to process 2028 (C:\Location\NameOfApplication.exe)  Source: CASMonitor Module: ArelliaACSvc.exe Exe: ArelliaACSvc.exe"

Symantec management agent

  1. Logs for Arellia Application Control can be found in these locations.
  2. Using a Symantec Log Viewer the messages for whether or not a policy is applying to a process or not are the same as above.