Endpoint Protection

Expand all | Collapse all

Problem with System Lockdown for Oracle application

  • 1.  Problem with System Lockdown for Oracle application

    Posted 01-21-2020 09:48 AM

    Hi all,

     

    Seeking assistance with implementing Symantec System Lockdown on a Windows 2012 R2 server that runs Oracle Database 11g Enterprise release 11.2.0.4.0 64 bit edition.

    Whitelist listening mode produces below calling application and target and hash value as an example. This happens for all the oracle calling processes on the server

    D:\oracle\product\11.2.0\dbhome_1\BIN\tnsping   D:\oracle\product\11.2.0\dbhome_1\perl\bin\perl.exe  Target MD5=00000000000000000000000000000000

    Appending the above as a whitelist item does not whitelist the application. Listening mode logs the item as an unapproved application.

    Adding a whitelist hash for perl.exe also does not work. Listening mode in lockdown logs the same result.

    Have tried putting in an File Name exception of D:\Oracle\* but this does not work either

    Thanks and regards.

     



  • 2.  RE: Problem with System Lockdown for Oracle application

    Posted 01-21-2020 07:59 PM

    You should open a Support case for this issue.