Hi there, I'm currently trying to define a policy for Real Secure Desktop Protector 3.6ebm within Real Secure Site Protector 2.0 SP1 and I'm faced with some issues:
1. I understand that when using RSDP with a policy based on RSSP 2.0 SP1 the RSSP is referenced by ip address instead of its FQDN for security reasons in icecapset.ini (BTW: in blackice.ini the name is not changed to ip address) but is there a chance to revert that behaviour temporarily when moving RSSP to a new ip address? Or is there another recommended way to tell mobile clients which are using RSDP to use the new RSSP ip without the need to put hands on every mobile client, ideally with the next policy update (ok you don't get 100% with that but even 90% are better than 0% ;) 2. It is said in the docu and in ISS knowledge base that when creating a policy with "Lock SiteProtector Reporting" enabled RSDP will store events locally in poster-list.csv if RSSP is unavailable , and when RSSP is available again those events are sent to RSSP. But all my tests showed no poster-list.csv and no alerts have been sent after reestablishing the connection. Also in blackd.log some posterlist.* parameters are set as expected (see below) except that the primary parameter "posterlist" is not found, and when putting it into blackice.ini or icecapset.ini it is said to be an unknown parameter although referenced in the Blackice Advanced Administrator Guide. posterlist.combine = enabled posterlist.combine.targets = disabled posterlist.combine.maxtime = 86400 seconds posterlist.combine.maxcount = 1000000 posterlist.overwrite = disabled posterlist.listsize = 50 posterlist.filename = poster-list.csv posterlist.spoof.check = enabled posterlist.spoof.timeout = 10 seconds 3. Is there any documentation on how I can configure Desktop Controller's action file to send a self-defined email and/or execurtable. I can define e.g. to use winpopups (using net send blablabla) but don't know how I can provide parameters like event name, time, sensor etc. like you can do with global responser (like using <AlertName>). I did not find any hint in either the docs or the iss knowledgebase. 4. Has anyone been already faced with a RSDP crash? After updateing the policy with a winpopup based new action it crashed (this has not been reproducable though, and I don't think this would affect RSDP because this only affects RSSP's event handling), so there may be most likely some other reason. Here's the corresponding blackd.log message: EX::Mon, 26 May 2003 14:47:57: *** BIMiddlewareX.run() CRASH *** (throwing...)<fire> Any hint is highly appreciated! Thanks for your time, Sandro _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
