Video Screencast Help

App & Device Control Policy Upgrades

Created: 09 Jul 2012 • Updated: 10 Jul 2012 | 10 comments
This issue has been solved. See solution.

Upgraded to 12.1 RU1 MP1 from 12.1 RU1 recently. Problem is that my Application and Device Control policies did not get upgraded. Anybody know a good way to get the list of blocked applications over into a new policy?

I've tried exporting and importing the current policy, but it imports back the same as it exported - missing parts of the policy. I thought I might be able to copy the apps from the exported DAT file, but no, that file is encrypted.

I thought that there was a table in the database that held that info, but I can't find it anymore. There may be a file somewhere, but where is it?

Comments 10 CommentsJump to latest comment

Chetan Savade's picture

Hi,

Have you taken DB backup prior to upgrade?

If yes, restore DB backup in test environment and export the ADC policy.

If no, you will have to create new policies again.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

dsmith1954's picture

What difference will that make? It would be the same process. I export them now and when I import them back in, they're still missing the new settings.

Chetan Savade's picture

Hi,

If it was working prior to upgrade, Old DB backup should have ADC policy with all blocked applications.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

dsmith1954's picture

I have all the blocked applications in the old policy. What I don't have is the new settings in the old policy. I'd like to be able to transfer the blocked applications to a new policy that has all the new settings. Export/Import doesn't work. Copy and Paste doesn't work. There doesn't seem to be a way to export just the list of blocked applications and import that list into a new ADC policy.

I can't seem to find the ADC policy in a table. Exporting the policy puts it in an encrypted file, so I can't copy/paste from a file.

I have a lot of apps that I'm blocking, and since you can't have two policies open at the same time, it's really hard to get that information into a new policy. Open the old policy, copy the app, close the old policy, open the new policy, paste the app, close the new policy and start all over again.

I suppose I could copy and paste from the web console into the java console, but still, that's a lot of copy and pasting. There has to be a better way.

John Cooperfield's picture

If it is worth it to you,  RDP to the test SEPM and open the old policy on it.

Toggle with your session on the new SEPM, keeping both policies open.

HTH 

dsmith1954's picture

It was an upgrade, so I don't have an old SEPM to toggle back and forth to.

The ADC policies are still in place and still work. That isn't the problem. The problem is that the upgrade didn't upgrade the old ADC policies. There are more Application control settings in the new policies.

It would appear that the only options are to either 1) Create a new policy and go through the lengthy and boring task fo copy and pasting blocked applications, or 2) Try to figure out all of the configurations for any of the new settings I may want to use and add them individually.

Or, I guess I could just live with what I have and hope that the next upgrade doesn't blow away what I have.

Here's the old policy:

Here's the new policy:

Clicking the Add button on this page takes you to another screen - same as editing one of the current settings - but you have to know what you want and how to configure it. It can be done, but if I want to create a Rule Set that matches those already in a new policy, I have to have two consoles open so I can match the settings. Or, I can open/create a new policy, copy everything down, close the new policy, open the old policy and create the new Rule Set. What a pain.

I just want to know if there is an easy way to copy the blocked applications from an old policy into a new policy.

John Cooperfield's picture

I wrote "test SEPM" not old SEPM,   meaning a test SEPM to which you restored the last DB save  from the previous SEPM,  similar to what Chetan posted.

If you did not keep a DB save manually one could be in your network backup system.

greg12's picture

You can copy single rule sets from one ADC policy and paste it into another. Just right-click on a rule set and choose "Copy" or "Paste". You do not need to create new rules and conditions for applications.

Unfortunately, it seems to work only with one rule set at the same time, but it's better that nothing.

SOLUTION
dsmith1954's picture

Just tried it on the Block Applications from running rule set. It actually kept all entries. Yea!

It is a pain, but at least it's better than having to recreate everything from scratch.

I didn't think about doing it that way because on the same right-click menu, the export exported the entire policy and not just the rule set.

 

John Cooperfield's picture

If there is an "Idea" (enhancement request) posted to have a report or log in the SEPM that lets you dump a CSV report of some policies, I would vote for that.

https://www-secure.symantec.com/connect/security/ideas

There may already be an Idea up there but when I tried to search in Ideas the promising item was actually in the forum. I just voted for it anyway.  .