Data Center Security

  • 1.  Need assistance with prevention policy

    Posted Oct 19, 2016 11:06 AM

    Hi All,

    I am new to DCS, however I managed to learn all things.

    I successfully worked on detection policy and the mails are getting triggered as alerts.

    Now I am working on prevention policies.

    I need a simple prevention policy which should block only the software installation. 

    Tried the basic strategy, but it blocks SQL, IIS and more. do know how to customize the sandboxes.

    Can someone help me with clear steps to apply the prevention policy to block only the software installation?

    Using DCS 6.5



  • 2.  RE: Need assistance with prevention policy

    Posted Oct 28, 2016 10:54 AM

    Hi

    Do you really need to use DCS 6.5 or can you change to v6.7?



  • 3.  RE: Need assistance with prevention policy
    Best Answer

    Posted Nov 03, 2016 10:45 AM

    The basic policy just protects DCS resources and well-known OS processes.

    The main question is what do you mean by software installation?

    The Java console allows you to manage policies. Usually you would create a folder for your policies in the policies/prevention view. Make a copy of a stock policy in the Symantec folder and drag it into your folder. To edit a policy you can right-click and select Edit. This is the same as you do for Detection policies.

     

    To start with prevention policies, the first thing is to go to the global options and disable prevention. This allows you to test policies without breaking things. Depending on the policy version, you may have to click on the Advanced button to see most options.

    In the global options, you would initially also check the allow all users to run eventviewer and disable prevention. Also add Administrator to the list of users who can run the DCS tools.

    Home/Sandboxes shows the pre-built sandboxes, Home/My Custom Sandboxes allows you to create your own.