70 Installing Symantec Critical System Protection on Windows
Temporarily disabling Windows agents
Use one of the following methods to disable intrusion prevention on the agent:
■ Start the management console, and set the policy for the target agent to the
Null prevention policy (sym_win_null_sbp).
■ If the policy on the computer that runs the agent is not Null and permits
policy override, use the policy override tool to disable policy prevention.
See the Symantec Critical System Protection Policy Override Guide.
■ On the agent computer, run the sisipsconfig.exe tool with the -r option, and
then restart the computer.
See “Resetting the prevention policy to the built-in Null policy” on page 68.
To temporarily disable Windows NT agents
1 Disable intrusion prevention on the agent computer.
2 To create a new hardware profile on the agent computer, do the following:
Click Start > Settings > Control Panel > System.
Click Hardware Profiles.
In the Available Hardware Profiles pane, select Original Configuration, and
then click Copy.
Type a name for the new hardware profile, and then click OK.
3 To disable the Symantec IPS driver for the new hardware profile, do the
following:
Click Start > Settings > Control Panel > Devices.
Select Symantec IPS Driver, and then click HW Profiles.
Select the new hardware profile that you created, and then click Disable.
Click OK.
4 To disable the Symantec IPS TCP filter driver for the new hardware profile,
do the following:
Click Start > Settings > Control Panel > Devices.
Select Symantec IPS TCP Filter, and then click HW Profiles.
Select the new hardware profile that you created, and then click Disable.
Click OK.
5 To disable the Symantec IDS Registry driver for the new hardware profile,
do the following:
Click Start > Settings > Control Panel > Devices.
Select Symantec IDS Registry Driver, and then click HW Profiles.
Select the new hardware profile that you created, and then click Disable.
Click OK.
6 Boot the agent computer using the new hardware profile.