CPUG

The Check Point User Group

#1
2007-09-18
woodpecker1
Integrity 6.5 + PA

Some experiences :)

6.5 (HFA-04)

- The firewall part is blocking programs that are already accepted in the policy.
Example: "homemade" program xyz.exe.
Integrity recognizes that xyz.exe is started, the program is accepted in the policy and the "changes frequently" flag is enabled, but xyz.exe is still blocked.
In the logs we can see that xyz.exe is blocked.

We have other "homemade" programs that act like the above.

It seems that these problems are related to the fact that the programs are not located on the computer where Integrity is running.
They are started from a link that points to a server's directory/path.

I must say that the "changes frequently" flag is not working correctly.

Program Advisor also works/behaves oddly.
PA has a program list, which has permissions, but for example IE7 got blocked after IE's security updates.
IE7 is accepted in the policy + "changes frequently" is enabled, so it should work already because of that?
IE7 started to work after we saved the policy (which was already saved) and applied/deployed it.

Other blocks are also annoying.
They should be generally known to Program Advisor.
For example, Microsoft Office Communicator, UltraEdit, Cisco VPN Client and svchost.exe are blocked after a few days of use (Integrity + PA).

Some of these "features" are also in 4.5, but it seems that once-accepted programs are blocked later, even though nothing has changed.
4.5 informs that the version has changed.

Of course we can make all open local zone, but where to use PA then?
#2
2007-09-19
CSING
Re: Integrity 6.5 + PA

Please be aware that "changes frequently" is ignored for programs that are part of a program group.

Recommend that you use the appscan utility located on the server. This utility will create an XML file of skimp and checksums for the program files on your endpoints. Generally scan your base deployment and import these into reference files.

For programs that continue to be blocked you can use the same utility to scan the file and compare checksums with what your reference file has.
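The baseline-and-compare workflow suggested in reply #2, sketched as an added example; it is not part of the thread and is not appscan or its output format. The `<reference>`/`<file name= sha256=>` layout, the use of SHA-256, the function names and the sample files are all assumptions made for illustration.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def checksum(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_reference(root_dir, pattern="*.exe"):
    """Scan a base deployment into a reference document (hypothetical layout)."""
    ref = ET.Element("reference")
    for p in sorted(Path(root_dir).rglob(pattern)):
        ET.SubElement(ref, "file", name=p.name.lower(), sha256=checksum(p))
    return ref

def classify(path, ref):
    """'match', 'changed' (same name, different checksum) or 'unknown' (never scanned)."""
    name = Path(path).name.lower()
    known = {f.get("sha256") for f in ref.iter("file") if f.get("name") == name}
    if not known:
        return "unknown"
    return "match" if checksum(path) in known else "changed"

def demo():
    # Constructed sample files standing in for endpoint binaries.
    with tempfile.TemporaryDirectory() as d:
        base = Path(d, "base")
        base.mkdir()
        (base / "iexplore.exe").write_bytes(b"build 1")
        (base / "xyz.exe").write_bytes(b"homemade v1")
        # Round-trip through XML text, as a stored reference file would be.
        ref = ET.fromstring(ET.tostring(build_reference(base)))
        # A later update replaces one binary; another program lives on a share.
        (base / "iexplore.exe").write_bytes(b"build 2 after security update")
        share = Path(d, "share")
        share.mkdir()
        (share / "tool.exe").write_bytes(b"started from a server path")
        targets = [base / "iexplore.exe", base / "xyz.exe", share / "tool.exe"]
        return {p.name: classify(p, ref) for p in targets}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A `changed` verdict means the binary no longer matches its baseline entry, and `unknown` means the baseline scan never covered that file, which are the two cases worth checking first for a program that keeps getting blocked.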