
Symantec DCS Policy Utility v1.0 

Apr 21, 2016 05:48 PM

Symantec DCS Policy Utility v1.0.0.11 for Windows OS (Note: .NET Framework 4.5 is required)

The utility is designed to help you tune your policy by processing the log files from an Agent.

There's a getting started tab that explains the best steps to get the logs and events you need to troubleshoot your policy.

The program does not make any changes to the machine or policy. It parses the sisidsevents and sisrtevents log files.

How does the utility work for the real time events?

The utility parses the log file and creates an ID for each event from the policy ID, process path, target, sandbox, network source/destination (IP and port), and module. It uses that ID to remove duplicate events.

After the utility finishes loading and parsing, it displays a Grid View of the events, filtered down to unique events only and multi-column sorted on policy ID, then sandbox, then type, then process, then target, then module.

What to search for
If prevention is disabled, search for [EVENT_TYPE]=Warning,[DISPOSITION]=Allowed
If prevention is enabled, search for [DISPOSITION]=Denied
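
The de-duplication, sort order and search rule described above, as an added Python example that is not the utility's own code. The field names, sandbox and module values, and the sample events are constructed for illustration and do not reproduce the real sisrtevents/sisidsevents layout; the occurrence count is an extra of this example.

```python
# Constructed example: field names and events are illustrative, not the real
# sisrtevents/sisidsevents record layout.
KEY_FIELDS = ("policy_id", "process", "target", "sandbox",
              "src_ip", "src_port", "dst_ip", "dst_port", "module")
SORT_FIELDS = ("policy_id", "sandbox", "event_type", "process", "target", "module")


def event_id(event):
    """Composite id; fields an event lacks (e.g. network) count as empty."""
    return tuple(str(event.get(f, "")) for f in KEY_FIELDS)


def unique_events(events):
    """Keep the first event per id, then sort on the grid's column order."""
    first = {}
    for ev in events:
        key = event_id(ev)
        if key in first:
            first[key]["count"] += 1      # occurrence count: extra of this example
        else:
            first[key] = dict(ev, count=1)
    return sorted(first.values(),
                  key=lambda ev: tuple(str(ev.get(f, "")) for f in SORT_FIELDS))


def tuning_candidates(events, prevention_enabled):
    """Rows to review: Denied if prevention is on, else Warning + Allowed."""
    if prevention_enabled:
        return [e for e in events if e.get("disposition") == "Denied"]
    return [e for e in events
            if e.get("event_type") == "Warning" and e.get("disposition") == "Allowed"]


def make(policy, sandbox, etype, disp, process, target, module, **net):
    """Build one constructed event record."""
    return dict(policy_id=policy, sandbox=sandbox, event_type=etype,
                disposition=disp, process=process, target=target,
                module=module, **net)


SAMPLE = [  # constructed events; the second is an exact duplicate of the first
    make("P2", "svc_ps", "Warning", "Allowed", r"C:\app\svc.exe", r"C:\data\a.cfg", "file"),
    make("P2", "svc_ps", "Warning", "Allowed", r"C:\app\svc.exe", r"C:\data\a.cfg", "file"),
    make("P1", "int_ps", "Warning", "Allowed", r"C:\app\cli.exe", "10.0.0.5", "network",
         dst_ip="10.0.0.5", dst_port=443),
    make("P1", "int_ps", "Warning", "Allowed", r"C:\app\cli.exe", "10.0.0.5", "network",
         dst_ip="10.0.0.5", dst_port=8443),
    make("P1", "int_ps", "Info", "Allowed", r"C:\app\cli.exe", r"C:\logs\x.log", "file"),
]
```

Because the destination port is part of the ID, the two network events stay separate rows, while the repeated file event collapses into one.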

 

This utility includes cmdmatch.exe to help test argument matching in policies.

v1.0.0.10 - Adds the test option to the Argument Match Utility and adds support for the "?" character in IDS Windows Event Argument Testing
v1.0.0.11 - Clarifies the use of wildcards and ? in Windows Event Argument Testing
v1.0.0.12 - Added the Show Details field option and fixed an event status parsing issue during log processing
v1.0.7.201 - Added support for Symantec Cloud Workload Protection event processing
v1.0.7.202 - Added automatic masking for % characters within arguments

Attachment(s)
Symantec_DCS_Policy_Utility_v1.0.0.10.zip   232 KB   1 version   Uploaded - Feb 25, 2020
Symantec_DCS_Policy_Utility_v1.0.0.11.zip   232 KB   1 version   Uploaded - Feb 25, 2020
Symantec_DCS_Policy_Utility_v1.0.0.12.zip   243 KB   1 version   Uploaded - Feb 25, 2020
Symantec_DCS_Policy_Utility_v1.0.0.9.zip   231 KB   1 version   Uploaded - Feb 25, 2020
Symantec_DCS_Policy_Utility_v1.0.7.201.zip   238 KB   1 version   Uploaded - Feb 25, 2020
Symantec_DCS_Policy_Utility_v1.0.7.202.zip   238 KB   1 version   Uploaded - Feb 25, 2020

Comments

Apr 21, 2016 05:55 PM

SWEET!  This is a great tool.  Thanks Jim!
