



Network Security ISSForum

Re: [ISSForum] Proventia desktop

Subject: Re: [ISSForum] Proventia desktop
Date: Thu, 21 Jul 2005 12:37:49 -0400
We've been using Proventia Desktop (BlackICE) for about 4-5 years. We
have about 600 systems deployed at any given point which run it. We also
are using AD with extensive group policy changes. Those group policies
are always being altered and then the changes are propagated throughout
the network. There are a few ways you could do what you ask. But yes, it
will work fine.

1. Insert the IP or IPs of the server(s) that send out changes into the
PD's "trust list". Then those IPs will not be challenged. 

2. Open any ports needed so when the policy changes come the workstation
will not challenge the traffic. PD has a couple "default" policies
(trusted, cautious, nervous and paranoid). These policy levels have
different port groups allowed or blocked. For example, I think cautious
allows 1-1024 TCP but nothing higher, but nervous blocks even below 1024.
I don't know, something like that. Either way those are completely
changeable.

One BIG issue which I recently discovered: With the upgrade from v7.x to
v8.x (BlackICE changed to PD), ISS added a handful of new features such
as 1) "do not allow user to stop PD service", 2) "Do not allow PD config
files to be altered", 3) "Password required to perform #1 and #2" and a
few more things. When they say do not allow svc to be stopped THEY MEAN
IT. The start/stop from Microsoft's "Manage" util. is grayed out ALL the
time. You have to use the PD GUI app to start or stop. The BIG BIG
problem is if you are remote. What if you are remotely administrating
the system? What if you are in the next office or in China and you want
to remotely stop PD? You can't, it's grayed out. You MUST either be at
the desktop or able to remote control the desktop. No big deal you
say? Well, if you are trying to stop the PD svc. then most likely it is
because it's blocking something you don't want...like you! I rolled this
out to about 12 systems as a test and I was so glad. I managed to get
blocked by all 12 and I could not stop the svc so I could get to the
systems and fix them. They even blocked our corp. Sitepro server. ISS is
aware of my issue and told me if I ever need to remotely manage a system
then maybe those features aren't for me. Dumb answer. What admin doesn't
remotely manage systems? I have those features turned off now. It would
have been a nightmare if I had pushed this out to 600+ systems and they
all locked themselves out of everything.


The spyware feature is new and although I have it on I can't say that
I've seen it do anything good or bad yet. I suspect it will block pretty
well but it's hard to believe it's as powerful as the new Spybot.


David

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of Bill Wharton
Sent: Wednesday, July 20, 2005 9:50 PM
To: issforum@iss.net
Subject: [ISSForum] Proventia desktop

1) does proventia desktop work well with Active directory group policy
edits? For example, an AD administrator should be able to centrally
control all workstations deployed with PD and do things like change the
wallpaper or screen saver, etc

2) what are the spyware capabilities of PD? Are they as good as
commercial anti-spyware utilities like adaware?

 

Thx

 

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

