We've been using Proventia Desktop (BlackICE) for about 4-5 years. We have about 600 systems deployed at any given point which run it. We also are using AD with extensive group policy changes. Those group policies are always being altered and then the changes are propagated throughout the network. There are a few ways you could do what you ask. But yes, it will work fine.

1. Insert the IP or IPs of the server(s) that send out changes into the PD's "trust list". Then those IPs will not be challenged.
2. Open any ports needed so when the policy changes come the workstation will not challenge the traffic.

PD has a couple of "default" policies (trusted, cautious, nervous and paranoid). These policy levels have different port groups allowed or blocked. For example, I think cautious allows 1-1024 TCP but nothing higher, but nervous blocks even below 1024. I don't know, something like that. Either way, those are completely changeable.

One BIG issue which I recently discovered: With the upgrade from v7.x to v8.x (BlackICE changed to PD), ISS added a handful of new features such as 1) "do not allow user to stop PD service", 2) "Do not allow PD config files to be altered", 3) "Password required to perform #1 and #2" and a few more things.

When they say do not allow svc to be stopped THEY MEAN IT. The start/stop from Microsoft's "Manage" util. is grayed out ALL the time. You have to use the PD GUI app to start or stop. The BIG BIG problem is if you are remote. What if you are remotely administrating the system? What if you are in the next office or in China and you want to remotely stop PD? You can't, it's grayed out. You MUST either be at the desktop or able to remote control the desktop.

No big deal, you say? Well, if you are trying to stop the PD svc. then most likely it is because it's blocking something you don't want...like you! I rolled this out to about 12 systems as a test and I was so glad. I managed to get blocked by all 12 and I could not stop the svc so I could get to the systems and fix them. They even blocked our corp. Sitepro server. ISS is aware of my issue and told me if I ever need to remotely manage a system then maybe those features aren't for me. Dumb answer. What admin doesn't remotely manage systems? I have those features turned off now.
It would have been a nightmare if I had pushed this out to 600+ systems and they all locked themselves out of everything.

The spyware feature is new and although I have it on, I can't say that I've seen it do anything good or bad yet. I suspect it will block pretty well but it's hard to believe it's as powerful as the new Spybot.

David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Wharton
Sent: Wednesday, July 20, 2005 9:50 PM
To: [email protected]
Subject: [ISSForum] Proventia desktop

1) Does Proventia Desktop work well with Active Directory group policy edits? For example, an AD administrator should be able to centrally control all workstations deployed with PD and do things like change the wallpaper or screen saver, etc.

2) What are the spyware capabilities of PD? Are they as good as commercial anti-spyware utilities like adaware?

Thx

_______________________________________________
ISSForum mailing list
[email protected]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
