Houston Security User Group


App & Device Control Policy Upgrades

  • 1.  App & Device Control Policy Upgrades

    Posted Jul 09, 2012 04:12 PM

    Upgraded to 12.1 RU1 MP1 from 12.1 RU1 recently. Problem is that my Application and Device Control policies did not get upgraded. Anybody know a good way to get the list of blocked applications over into a new policy?

    I've tried exporting and importing the current policy, but it imports back the same as it exported - missing parts of the policy. I thought I might be able to copy the apps from the exported DAT file, but no, that file is encrypted.

    I thought that there was a table in the database that held that info, but I can't find it anymore. There may be a file somewhere, but where is it?



  • 2.  RE: App & Device Control Policy Upgrades

    Broadcom Employee
    Posted Jul 10, 2012 02:36 AM

    Hi,

    Have you taken DB backup prior to upgrade?

    If yes, restore DB backup in test environment and export the ADC policy.

    If no, you will have to create new policies again.



  • 3.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 08:33 AM

    What difference will that make? It would be the same process. I export them now and when I import them back in, they're still missing the new settings.



  • 4.  RE: App & Device Control Policy Upgrades

    Broadcom Employee
    Posted Jul 10, 2012 09:10 AM

    Hi,

    If it was working prior to upgrade, Old DB backup should have ADC policy with all blocked applications.



  • 5.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 10:12 AM

    I have all the blocked applications in the old policy. What I don't have is the new settings in the old policy. I'd like to be able to transfer the blocked applications to a new policy that has all the new settings. Export/Import doesn't work. Copy and Paste doesn't work. There doesn't seem to be a way to export just the list of blocked applications and import that list into a new ADC policy.

    I can't seem to find the ADC policy in a table. Exporting the policy puts it in an encrypted file, so I can't copy/paste from a file.

    I have a lot of apps that I'm blocking, and since you can't have two policies open at the same time, it's really hard to get that information into a new policy. Open the old policy, copy the app, close the old policy, open the new policy, paste the app, close the new policy and start all over again.

    I suppose I could copy and paste from the web console into the java console, but still, that's a lot of copy and pasting. There has to be a better way.



  • 6.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 10:38 AM

    If it is worth it to you, RDP to the test SEPM and open the old policy on it.

    Toggle with your session on the new SEPM, keeping both policies open.

    HTH 



  • 7.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 11:14 AM

    It was an upgrade, so I don't have an old SEPM to toggle back and forth to.

    The ADC policies are still in place and still work. That isn't the problem. The problem is that the upgrade didn't upgrade the old ADC policies. There are more Application control settings in the new policies.

    It would appear that the only options are to either 1) Create a new policy and go through the lengthy and boring task of copying and pasting blocked applications, or 2) Try to figure out all of the configurations for any of the new settings I may want to use and add them individually.

    Or, I guess I could just live with what I have and hope that the next upgrade doesn't blow away what I have.

    Here's the old policy:

    Here's the new policy:

    Clicking the Add button on this page takes you to another screen - same as editing one of the current settings - but you have to know what you want and how to configure it. It can be done, but if I want to create a Rule Set that matches those already in a new policy, I have to have two consoles open so I can match the settings. Or, I can open/create a new policy, copy everything down, close the new policy, open the old policy and create the new Rule Set. What a pain.

    I just want to know if there is an easy way to copy the blocked applications from an old policy into a new policy.



  • 8.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 11:47 AM

    I wrote "test SEPM", not old SEPM, meaning a test SEPM to which you restored the last DB save from the previous SEPM, similar to what Chetan posted.

    If you did not keep a DB save manually, one could be in your network backup system.



  • 9.  RE: App & Device Control Policy Upgrades
    Best Answer

    Posted Jul 10, 2012 12:40 PM

    You can copy single rule sets from one ADC policy and paste them into another. Just right-click on a rule set and choose "Copy" or "Paste". You do not need to create new rules and conditions for applications.

    Unfortunately, it seems to work only with one rule set at a time, but it's better than nothing.



  • 10.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 01:38 PM

    If there is an "Idea" (enhancement request) posted to have a report or log in the SEPM that lets you dump a CSV report of some policies, I would vote for that.

    https://www-secure.symantec.com/connect/security/ideas

    There may already be an Idea up there, but when I tried to search in Ideas the promising item was actually in the forum. I just voted for it anyway.



  • 11.  RE: App & Device Control Policy Upgrades

    Posted Jul 10, 2012 02:01 PM

    Just tried it on the Block Applications from running rule set. It actually kept all entries. Yea!

    It is a pain, but at least it's better than having to recreate everything from scratch.

    I didn't think about doing it that way because on the same right-click menu, the export exported the entire policy and not just the rule set.