Cisco Security Agent
This chapter contains the following topics:
Note For more detailed information, see the “Troubleshooting the Standalone Security Agent” section and the “Cisco Security Agent: Standalone Agent Overview” chapter in the installation guide for Cisco Security Manager for your release.
FAQs About the Cisco Security Agent
This section answers the following questions about the Cisco Security Agent:
Q. What if the Cisco Security Agent is already installed on the system on which I want to install Security Manager?
By default, a standalone version of the Cisco Security Agent is installed as part of Security Manager installation. However, if Security Manager detects a preexisting version of the full Cisco Security Agent that was not installed by Security Manager, that version of the Cisco Security Agent is left in place. In this case, we recommend that you import all of the policies that you find on the Security Manager installation DVD (in \csm3_0_1_win_server\CSA\CSMCSA3.0.1_policies.export) into your version of the full agent. Bear in mind that if you import these policies, you must reconcile them with any conflicting policies that your organization configures. To learn more, see the Cisco Security Agent documentation on Cisco.com.
Q. Is it possible to reinstall the bundled Cisco Security Agent after uninstalling it?
On the installation DVD, run CSA\CSA-CSM-setup.exe to reinstall the Cisco Security Agent. Be aware, however, that future upgrades of Security Manager will not treat this version of the Cisco Security Agent as having been installed by Security Manager. This could affect future upgrades. For example, if an upgraded version of Security Manager contains a new version of the Cisco Security Agent, the new version will not be installed, because Security Manager does not overwrite versions of the Cisco Security Agent that it did not install (as described above).
The alternative method to reinstall the bundled Cisco Security Agent is to reinstall Security Manager.
Q. Does the Cisco Security Agent co-exist with other host IPS systems?
You may encounter problems with the Cisco Security Agent when other host IPS systems are already installed. Because the Cisco Security Agent is installed automatically with Security Manager, we recommend doing the following:
– Uninstalling the other host IPS.
– Installing Security Manager (which automatically installs the Cisco Security Agent).
– Uninstalling the Cisco Security Agent.
– Reinstalling the other host IPS.
Note This procedure can also be used for other applications that might conflict with the Cisco Security Agent, such as personal firewalls. For more details, see the installation guide for Cisco Security Manager for your release.
Q. Why does the following message appear in the Cisco Security Agent event log?
The process 'C:\apps\CSMServer\lib\vbroker\bin\osagent.exe' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on UDP port 42342 from <ip address of an external machine>. The operation was denied.
This messages represents a valid deny event. The only valid connection request to the CiscoWorks RME Gatekeeper daemon on the Security Manager server is from the co-located RME application. Because this connection request is considered to be an intraserver request, any connection request from an external machine to the CiscoWorks RME Gatekeeper daemon on the Security Manager server is denied.
Installation, Uninstallation, or Reinstallation
See the installation guide for Cisco Security Manager for your release for information about troubleshooting problems that are related to the installation, uninstallation, or reinstallation of:
- Security Manager (including Common Services) software on a server.
- Security Manager Client.
- The standalone version of Cisco Security Agent that is installed on most Security Manager servers.
For information regarding the installation of the Security Manager License, see Cisco Security Manager 3.x: Steps to Install the License for Various Options on Cisco.com at: