Hello,
Any idea here? Basically, our issue is the fact that, when a New filter is
created and overwrite an existing one, we cannot understand why the GUID of
the new filter is not the final one, but the GUID of the New Filter is the
GUID of the original one that has been overwritten.
It means that if you use a software policy with a Target --> Filter, when
the filter is overwritten adding ALL DEVICES but keeping the original GUID,
the Policy then will contain ALL DEVICES.
Please, any ideas will be very welcome.
Best Regards / Saludos
___________________________
PABLO LLORENTE ABAD
EMEA Workplace Services , Workplace Specialist
Calle Albasanz 14, 4th floor
Madrid , Spain
Mobile +34 672746460
*
pablo.llorente@holcim.com <
pablo.llorente@holcim.com>**
<http:
www.holcim.com/="">**www.holcim.com <http:
www.holcim.com/="">*Follow us on Facebook <https:
www.facebook.com/lafargeholcimitemea/=""> |
Twitter <https: twitter.com/lhitemea=""> | LinkedIn
<https:
www.linkedin.com/company/lafargeholcimitemea/="">*To visit our Workplace Connect site click here
<https: connect.lafargeholcim.com/emea-digital-center/functions/it-security/emea-workplace-services="">*
This email is confidential and intended only for the use of the above named
addressee. If you have received this email in error, please delete it
immediately and notify us by email or telephone.
On Tue, Sep 26, 2023 at 3:59 PM Pablo Llorente via Broadcom <
Mail@broadcom.com> wrote:
> Hello All, I would like to tell our experience with filters, and also to
> ask if there is something that we could do to prevent it. Note: We are...
> -posted to the "Client Management Suite" community
> [image: Broadcom] <https: community.broadcom.com="">
> Client Management Suite
> <https: community.broadcom.com/symantecenterprise/communities/community-home/digestviewer?communitykey="ef59d715-7ea1-41c6-97f3-dd1bcc10d0c3">
> Post New Message <
broadcom-clientmanagementsuite@connectedcommunity.org>
> Filters can be overwritten changing the Filter Definition but keeping the
> original GUID!
> <https: community.broadcom.com/symantecenterprise/discussion/filters-can-be-overwritten-changing-the-filter-definition-but-keeping-the-original-guid#bmdf1e6a41-7a2c-4c22-943c-55d8cad3fe7a="">
> Reply to Group
> <
broadcom_clientmanagementsuite_df1e6a41-7a2c-4c22-943c-55d8cad3fe7a@connectedcommunity.org?subject=re:+filters+can+be+overwritten+changing+the+filter+definition+but+keeping+the+original+guid!> Reply
> to Sender
> <https: community.broadcom.com/symantecenterprise/communities/all-discussions/postreply?messagekey="df1e6a41-7a2c-4c22-943c-55d8cad3fe7a&ListKey=8bad3270-f680-4911-8051-16d37e6be521&SenderKey=278d1fe0-fb09-485d-bc03-377654f3d842">
> [image: Pablo Llorente]
> <https: community.broadcom.com/network/members/profile?userkey="278d1fe0-fb09-485d-bc03-377654f3d842">
> Sep 26, 2023 9:59 AM
> Pablo Llorente
> <https: community.broadcom.com/network/members/profile?userkey="278d1fe0-fb09-485d-bc03-377654f3d842">
>
> Hello All,
> I would like to tell our experience with filters, and also to ask if there
> is something that we could do to prevent it.
> Note: We are in *8.6 RU3 version with all fixes applied.*
> We have detected that our users with limited access (their Role does not
> allow them to save filters) have the possibility now of saving filters if
> they overwrite an existing one! It is so critical and in our case, it
> caused a super issue in our environment.
> *Sample:*
> The Symantec admin has created 40 empty filters called:
> Filter Name: "*XXX - Forcepoint Websense client 22.06*"
> Gui: "{00823574-91ed-4b54-bf0b-c5a6069b15xx}"
> Filter mode: *Raw SQL *(but empty, no sql so the filter is empty)
> All filters are included in single *filter *called "*EMEA - Forcepoint
> Websense client 22.06*"
> and the filter is included in a target: "EMEA_Filter Software A" --> *Target
> *"*EMEA - Forcepoint Websense client 22.06*"
> The target is included in a *policy *that installs the Software A: "*EMEA
> - Forcepoint Websense client 22.06 INSTALL*"
> The users belonging to XXX populate their filter XX with the computers
> where they need to install Software A. One user from country "AAA" cannot
> add computers from country "AAB" logically.
> Issue detected:
> 1. - One user belonging to country "AA" tried to add computers to filter *AA_Filter
> Software A (AA**_guid_Filter **software_A) *but he was not able to save
> the filter once the computers were added (we still dont know, but this is
> not key here).
>
> 2.- The user tried to save the filter but he couldn't so he clicked on the
> blue icon with a yellow cross (New Filter) and then a *New File*r
> appeared on the screen with all computers belonging to AA preloaded (*Filter
> Mode: Row SQL, but with the query that extracts all computers from the
> System and not only the ones of the country AA but ALL devices).*
>
> 3.- The user changed the name to this New Filer and put the same name of
> the filter that he was not able to save: *New Filter *--> renamed to "*AA_Filter
> Software A" *(the Guid of this New Filter should be a new guid filter)*. *
>
> 4.- The user tried to save the new filter, but he was not able as he does
> not have rights... but he clicked over the original filter *AA_Filter
> Software A (AA**_guid_Filter **software_A) *and tried to save over, and
> the system asked: *"Overwrite the existing filter"? *--> User clicked on
> *"Yes"*
>
> 5.- As result of this operation, the user found:
>
> Filter Name: "*XXX - Forcepoint Websense client 22.06*"
> Gui: "{00823574-91ed-4b54-bf0b-c5a6069b15xx}"
> Filter mode: *Raw SQL *but with ALL Computers added.
> The user alerted to Symantec admins because he saved the filert and
> realized that all hiz computers from his country were added, but actually,
> ALL computers for ALL countries were added!!!
> The Policy contained as of that moment a target with ALL computers of the
> system, so in ALL computers will be installed the software!
> *Reply to Group Online
> <https: community.broadcom.com/symantecenterprise/communities/all-discussions/postreply?messagekey="df1e6a41-7a2c-4c22-943c-55d8cad3fe7a&ListKey=8bad3270-f680-4911-8051-16d37e6be521">*
> *Reply to Group via Email
> <
broadcom_clientmanagementsuite_df1e6a41-7a2c-4c22-943c-55d8cad3fe7a@connectedcommunity.org?subject=re:+filters+can+be+overwritten+changing+the+filter+definition+but+keeping+the+original+guid!>*
> *View Thread
> <https: community.broadcom.com/symantecenterprise/discussion/filters-can-be-overwritten-changing-the-filter-definition-but-keeping-the-original-guid#bmdf1e6a41-7a2c-4c22-943c-55d8cad3fe7a="">*
> *Recommend
> <https: community.broadcom.com:443/symantecenterprise/discussion/filters-can-be-overwritten-changing-the-filter-definition-but-keeping-the-original-guid?messagekey="df1e6a41-7a2c-4c22-943c-55d8cad3fe7a&cmd=rate&cmdarg=add#bmdf1e6a41-7a2c-4c22-943c-55d8cad3fe7a">*
> *Forward
> <https: community.broadcom.com/symantecenterprise/communities/all-discussions/forwardmessages?messagekey="df1e6a41-7a2c-4c22-943c-55d8cad3fe7a&ListKey=8bad3270-f680-4911-8051-16d37e6be521">*
> *Flag as Inappropriate
> <https: community.broadcom.com/symantecenterprise/discussion/filters-can-be-overwritten-changing-the-filter-definition-but-keeping-the-original-guid?markappropriate="df1e6a41-7a2c-4c22-943c-55d8cad3fe7a#bmdf1e6a41-7a2c-4c22-943c-55d8cad3fe7a">*
>
>
>
>
> You are subscribed to "Client Management Suite" as
>
pablo.llorente@lafargeholcim.com. To change your subscriptions, go to My
> Subscriptions
> <http: community.broadcom.com/preferences?section="Subscriptions">. To
> unsubscribe from this community discussion, go to Unsubscribe
> <http: community.broadcom.com/higherlogic/egroups/unsubscribe.aspx?userkey="278d1fe0-fb09-485d-bc03-377654f3d842&sKey=KeyRemoved&GroupKey=8bad3270-f680-4911-8051-16d37e6be521">.
>
>
> Copyright © 2005-2023 Broadcom. All Rights Reserved. The term "Broadcom"
> refers to Broadcom Inc. and/or its subsidiaries.
>
> Hosted by Higher Logic, LLC on the behalf of Broadcom - Privacy Policy
> <https:
www.broadcom.com/company/legal/privacy-policy=""> | Cookie Policy
> <https:
www.higherlogic.com/legal/privacy=""> | Supply Chain Transparency
> <https:
www.broadcom.com/company/citizenship/governance-and-ethics#supply="">> | Terms of Use <http: termsandconditions="">
>
Original Message:
Sent: 9/26/2023 6:38:00 AM
From: Pablo Llorente
Subject: Filters can be overwritten changing the Filter Definition but keeping the original GUID!
Hello All,
I would like to tell our experience with filters, and also to ask if there is something that we could do to prevent it.
Note: We are in 8.6 RU3 version with all fixes applied.
We have detected that our users with limited access (their Role does not allow them to save filters) have the possibility now of saving filters if they overwrite an existing one! It is so critical and in our case, it caused a super issue in our environment.
Sample:
The Symantec admin has created 40 empty filters called:
Filter Name: "XXX - Forcepoint Websense client 22.06"
Gui: "{00823574-91ed-4b54-bf0b-c5a6069b15xx}"
Filter mode: Raw SQL (but empty, no sql so the filter is empty)
All filters are included in single filter called "EMEA - Forcepoint Websense client 22.06"
and the filter is included in a target: "EMEA_Filter Software A" --> Target "EMEA - Forcepoint Websense client 22.06"
The target is included in a policy that installs the Software A: "EMEA - Forcepoint Websense client 22.06 INSTALL"
The users belonging to XXX populate their filter XX with the computers where they need to install Software A. One user from country "AAA" cannot add computers from country "AAB" logically.
Issue detected:
1. - One user belonging to country "AA" tried to add computers to filter AA_Filter Software A (AA_guid_Filter software_A) but he was not able to save the filter once the computers were added (we still dont know, but this is not key here).
2.- The user tried to save the filter but he couldn't so he clicked on the blue icon with a yellow cross (New Filter) and then a New Filer appeared on the screen with all computers belonging to AA preloaded (Filter Mode: Row SQL, but with the query that extracts all computers from the System and not only the ones of the country AA but ALL devices).
3.- The user changed the name to this New Filer and put the same name of the filter that he was not able to save: New Filter --> renamed to "AA_Filter Software A" (the Guid of this New Filter should be a new guid filter).
4.- The user tried to save the new filter, but he was not able as he does not have rights... but he clicked over the original filter AA_Filter Software A (AA_guid_Filter software_A) and tried to save over, and the system asked: "Overwrite the existing filter"? --> User clicked on "Yes"
5.- As result of this operation, the user found:
Filter Name: "XXX - Forcepoint Websense client 22.06"
Gui: "{00823574-91ed-4b54-bf0b-c5a6069b15xx}"
Filter mode: Raw SQL but with ALL Computers added.
The user alerted to Symantec admins because he saved the filert and realized that all hiz computers from his country were added, but actually, ALL computers for ALL countries were added!!!
The Policy contained as of that moment a target with ALL computers of the system, so in ALL computers will be installed the software!
</http:></https:></https:></https:></http:></http:></https:></https:></https:></https:></broadcom_clientmanagementsuite_df1e6a41-7a2c-4c22-943c-55d8cad3fe7a@connectedcommunity.org?subject=re:+filters+can+be+overwritten+changing+the+filter+definition+but+keeping+the+original+guid!></https:></https:></https:></https:></broadcom_clientmanagementsuite_df1e6a41-7a2c-4c22-943c-55d8cad3fe7a@connectedcommunity.org?subject=re:+filters+can+be+overwritten+changing+the+filter+definition+but+keeping+the+original+guid!></https:></broadcom-clientmanagementsuite@connectedcommunity.org></https:></https:></https:></https:></https:></https:></http:></http:></pablo.llorente@holcim.com>