Mark Snell

This problem is still happening. How can we get it escalated please?

For the last two weeks or so, this has been happening on one-off, random clients. Before that, the messages were for "Unknown" computers - so it's hard to say, really. However, when I investigated the logs, there didn't seem to be any pattern to it. This has been going on for at least 8 months, possible longer.

Thanks for your response, Marcos. I'm not sure how to send this info... Do you mean export part of the policy as xml? Pls excuse my ignorance!

We have around 500 EndPoint Antivirus clients using Device Control, around 50 or so rules in a global policy. Occasionally (approx. once or twice per day) we are getting error messages similar to this: %ProductName%: Error 6/11/2014 7:59:16 AM - During execution of on the computer PC1724, the following warning occurred: The imported configuration contains a rule with invalid data. I cannot reproduce the problem at will (seems to be resolved by a reboot). There seems to be no common factor other than the policy that is running (same as most other clients) Client versions are 5.0.2214 or 5.0.2228, OS is XP or Win 7 (all with latest patches) I am guessing this is caused by a device control rule but how can I diagnose which one? Any ideas please?

We have deployed EEA 5.0.2214 across our estate of about 500 XP SP3 clients - default settings for HIPS (enabled, automatic mode with rules) but no rules defined. I have just switched on "Log all blocked operations" in client policy and I am seeing quite a lot of activity in the HIPS logs - 4000 so far today, mainly Self Defense blocking registry deletes by Services.exe... Is this normal? We use SCCM to deploy software and updates to clients, could HIPS / Self defense be interfering with the normal registry cleanup process? Any advice appreciated, thanks Mark