Workstation Issues
This topic is intended to assist users in troubleshooting issues (such as policies not yielding expected results) from an workstation that has the IBM Security agent installed on it.
Policy Troubleshooting
If there is an issue with policies not getting updated on the workstation, or specific files or applications not being elevated or blocked, please use the information below to help determine what is causing the issue.
Policies Not Getting Updated
If policies are not getting updated on the workstation, there could be a communication issue between the machine that has the agent installed on it and the web server. The best way to determine if there is a communication issue would be to open the Agent Utility on the workstation as described in the previous section, and then do the following:
- Click Status and see if there are any errors shown.
- Click Register and check for errors shown there.
- Click Update and check for errors there as well.
If there is an issue with the workstation communicating with the web server, there will be errors displayed in red after those selections.
Specific Files or Applications Not Being Elevated or Blocked
If specific files or applications are not being elevated or blocked properly, then you will need to look in the Agent Logs on the workstation. You can open the logs by first opening the Agent Utility on the workstation. Once that is open, select View Logs to bring up the Agent Log Viewer.
The Agent Log Viewer is very helpful for troubleshooting issues with policies not applying correctly. In the log, you can see if a policy applied to a certain process, and if so, what policy applied to that process. You can also see if there was no policy that applied to that specific process.
For example, in the screen shot below of the Agent Log Viewer, you will see a policy called Block Notepad - Deny Application Execution Policy that has been applied to the workstation.
The highlighted entry on this screen shot shows that the Block Notepad - Deny Application Execution Policy was triggered when Notepad was opened. Double-click the log entry to see further details as shown below. This shows the exact process that met the criteria of the policy and shows the priority number of that policy. The policy priority is useful information if the application continues processing through multiple policies.
With this information, you know that the policy applied to the Notepad process correctly. If there were other policies that applied to that same process, you would see them in the Log Viewer as well. There are certain situations in which clients will apply multiple policies to the same process. When troubleshooting issues with certain files or applications, the Log Viewer is a valuable tool to use.
If there is no policy that applies to a certain process, the Agent Log Viewer shows you that as well. In the screen shot of the log viewer, presented above in this section, you can notice entries showing that there are some processes to which no policies apply.. Entries that begin with “No policies applies to process...” indicate that no policy was triggered when the application executed on the endpoint. If a client says that a specific file or application is not being blocked or elevated, then in the Log Viewer you can see what process is running when they launch the application and whether a policy is applying to that process.
If there are any errors in the Log Viewer, they are shown in red. Warnings are shown in blue, and Informational messages are shown in black.