69Installing Symantec Critical System Protection on Windows
Temporarily disabling Windows agents
C:\Program Files\Symantec\Critical System Protection\Agent\IPS\bin
To reset the prevention policy
1 On the agent computer, open a command prompt.
2 At a command prompt, type the following command, and then press Enter:
sisipsconfig -r
------------------------------------------------
Agent Configuration Tool version 5.0.0.240
------------------------------------------------
The agent will now use the built-in policy
c:\>
3 Reboot the agent computer, and then start the management console.
In the management console, on the Assets page, the agent is marked with an
exclamation point (!) to indicate a policy error. When you select the agent,
the following message appears in the Details pane, on the Policies tab:
! Policy Errors:
** Policy error has occurred at 17-Nov-2005 05:55:56 EST
Driver is using the built-in policy and not the assigned policy.
4 In the management console, apply the desired policy to the agent, and then
give appropriate permissions to the desired programs.
Temporarily disabling Windows NT agents
Because Windows NT Server does not provide a safe mode startup, you cannot
temporarily disable agents that run on Windows NT Server by booting the agent
computer in safe mode and then resetting the prevention policy.
To temporarily disable agents that run on Windows NT Server, you create an
alternate hardware profile with the following drivers disabled:
■ Symantec IPS driver
■ Symantec IPS TCP filter driver
■ Symantec IDS Registry driver
Warning: Use the alternate hardware profile method only if you cannot disable
intrusion prevention using other methods. You must create the alternate
hardware profile before using Symantec Critical System Protection with
intrusion prevention enabled.
To temporarily disable Windows NT agents, you must disable intrusion
prevention on the agent.