Data Center Security

  • 1.  Missing the process set int_stdpriv_ps for Windows Explorer

    Posted Sep 11, 2015 06:37 AM

    Hello,

    I use DCSSA 6.5 for Windows XP and Windows 2003 Server clients. For the client I chose the Windows Limited Execution prevention policy.

    Now I am configuring the policy for my use. During the configuration I get a warning that C:\Windows\Explorer.exe wants to read a file. The responsible process set, which throws this warning, is int_stdpriv_ps.

    So I tried to search for the process set and change the policy rules, but there isn't such a process set and there isn't the Default Interactive Program Options.

    So what would you prefer to do now? Should I add a custom sandbox to solve the issue?

     

    Sorry for my bad English. Please ignore it.



  • 2.  RE: Missing the process set int_stdpriv_ps for Windows Explorer

    Posted Sep 11, 2015 08:27 AM

    It sounds like (but I can't be sure) that you're using a policy designed for an older agent.  Can you confirm the version of the agent deployed?  Can you also tell us the minimum agent required for the policy that you are deploying?

     

    I'm wondering why you are not using a 6.0 policy.  Is there a reason you need to stay on the older version of the policy?  If not, please consider deploying the newer policy.

     

    Regards

    Will



  • 3.  RE: Missing the process set int_stdpriv_ps for Windows Explorer

    Posted Sep 11, 2015 08:39 AM

    You are right, but in my mind there is only agent version 5.2.9 for Windows XP and Windows 2003 Server.

    The minimum agent required is 5.2.9, and on my client agent 5.2.9 (Build 841) is installed.

    I would like to take the higher policy version if there are newer clients.

     

    Regards



  • 4.  RE: Missing the process set int_stdpriv_ps for Windows Explorer

    Posted Sep 11, 2015 02:10 PM

    I'm researching why that PSET is missing from the GUI on the Limited Execution policy.  The Strict policy has that PSET exposed.

    You can use newer policies on Win2k3, if you are using R2.  See the platform feature matrix in the documentation folder of the DCS install media for details.



  • 5.  RE: Missing the process set int_stdpriv_ps for Windows Explorer

    Posted Sep 11, 2015 02:15 PM

    XP SP1 is frozen at earlier releases but if you have SP2 or later you can use a 6.0 policy.

    Same goes for Win2003.  SP1 is frozen but if you have SP2 or Win2003 R2 they're fully supported.

     

    Will