Symantec Privileged Access Management

 View Only
  • 1.  About TDI filter question

    Posted 3 days ago
    [Environment]
    CA PAM 4.0.1

    [Question]
    After installing SFA, a warning message is generated in Windows syslog file.
    =====
    TDI filter (\Driver\XcdmTDIFlt)  was detected.
    This filter has not been certified by Microsoft and may cause system instability.
    =====

    Do you know how not to show the message?
    It is effective that we disable UEFI secure boot?
    Also, I think that Microsoft's Transport Driver Interface (TDI) is using within PAM SFA.
    Has Broadcom confirmed its safety?

    Best regards,
    Marubun


  • 2.  RE: About TDI filter question

    Broadcom Employee
    Posted 3 days ago
    Hello, Can you clarify what Windows release you have the SFA installed on? A new Microsoft certified driver is included in PAM 4.0.2 and newer for Windows releases 2012 R2 and newer, see enhancement The PAM Access Agent and and Socket Filter Agent Certified by Microsoft to Work in a Windows Secure Boot Environment.


  • 3.  RE: About TDI filter question

    Posted 3 days ago
    Edited by MARUBUN SUPPORT 3 days ago
    Hi,

    I will check the Windows release version.
    Just to be sure, please let me ask you a question.
    If we use newer for Windows Release 2012 R2 and PAM 4.0.2 and newer, we should not see the message.
    Correct?
    Also, even if we see the warning message, it is no problem, isn't it? 

    Best regrads,
    Marubun




  • 4.  RE: About TDI filter question

    Posted 2 days ago
    In additional question:

    We cannot upgrade to 4.0.2 and OS.
    In this case, we must disable secure boot.
    It is correct, isn't it?

    Best regards,
    Marubun


  • 5.  RE: About TDI filter question

    Broadcom Employee
    Posted 2 days ago
    Yes, with the newer PAM versions and current Windows releases there should be no problem. You may not be going to 4.0.2, but you will have to upgrade to 4.1.X very soon, because 4.0 reaches End Of Service in three months, see the PAM Release and Support Lifecycle Dates page.


  • 6.  RE: About TDI filter question

    Posted 2 days ago
    HI Ralf,

    >Yes, with the newer PAM versions and current Windows releases there should be no problem.

    Thank you.
    However, I'm waiting for the answers of the following questions.

    :Even if we see the warning message, it is no problem, isn't it?
    :If we cannot upgrade PAM and OS and if we don't want to see the warning message, we have to disable secure boot.
    It is no problem, isn't it?

    Best regards,
    Marubun


  • 7.  RE: About TDI filter question

    Broadcom Employee
    Posted 2 days ago
    I'm not aware of an actual problem with the older driver. Whether or not you disable secure boot is a decision you have to make.


  • 8.  RE: About TDI filter question

    Posted 2 days ago
    Hi,

    >Whether or not you disable secure boot is a decision you have to make.

    I would like to know if the warning message is not showed if we disable secure boot.
    Correct or not?

    Best regards,
    Marubun


  • 9.  RE: About TDI filter question

    Broadcom Employee
    Posted 2 days ago
    I assume so, but I don't have such a setup. Maybe someone else in this community can chime in.


  • 10.  RE: About TDI filter question

    Posted 2 days ago
    HI Ralf

    Thank you very much.

    Marubun,