Policy violation by client

system · January 11, 2010, 3:00pm

(imported topic written by sharad91)

Hi,

We have several groups configured in the BIGFIX server, and one of the group is USB blocked. In the USB block group we have blocked the USB devices.

Issue :

The BigFix server was running out of disk space, since we wanted to move the server to another partition and we were successful in that. During the activity at least for 2 days the BigFix server was not available for clients and clients were able to access the USB devices even though USB devices are blocked.

My queries are :

The USB block policy resides in the client or not ? (After applying the policy to the client)
When the USB block policy is applied, if the client is unable to reach the BigFix server, then is USB device will be blocked or allowed ? (In our case USB were allowed)

Best Regards

Sharad

BenKus · January 12, 2010, 5:31am

(imported comment written by BenKus)

Hi Sharad,

The agents keep local policies and they should not require the BigFix Server to enforce the policies. I am not sure what happened, but we can look into it by looking at the agent logs or running some tests with disconnected agents…

Are you using the Fixlets from the Security Policy Manager site to block the USB drives? If so, the OS (not the BigFix Agent) is in charge of preventing USB access.

Ben

system · January 12, 2010, 7:30am

(imported comment written by sharad91)

Hi Ben,

Using fixlet the USB are blocked.

What all tests can we run on the disconnected agents ?

Sharad