You have Proventia Desktop installed and it appears to be blocking an action or application from running.  After you check the attack-list.csv file, you don’t see anything being blocked.  (Please refer to Check the attack-list to perform this check)

At this point, you’ll need to increase logging for Proventia Desktop.  To do this, you will need to modify the signature file.  This file is called sigs.ini and it’s in the install folder for Proventia Desktop.  This file can be modified in any text editor, such as Notepad.  A “signatures” file is commonly used in intrusion detection systems to list the network patterns that indicate an attack.

Follow these instructions to modify this file:

1. The RapApp Service will have this file locked so it cannot be modified.  Stop the RapApp Service.
2. Create a copy of the sigs.ini file, so you have the original and a copy that can be modified.
3. Add the following lines to the sigs.ini file. It should look like this:
trust.issue = 2002703 2002805
packetLog.logging=enabled
evidence.logging=enabled
packet.padding=enabled
packetLog.maxKbytes = 8192
packetLog.maxfiles = 20
debugLog.set = ALL
debugLog.clear =
echo_wm_messages = true
4. Save the sigs.ini and restart the RapApp and BlackICE Services.
5. Recreate the problem that's being caused by Proventia Desktop.
6. The log files will now have more information in them.  Also, files like this: logxxx.enc, will be created in the Proventia Desktop folder. These files need to be examined to find out what is causing the application to not work.
7. Be sure to restore the sigs.ini to the original.
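
The steps above can be wrapped in a script so that the original sigs.ini is always restored and checked by hash, even if something fails partway. This is an added example, not a vendor tool or part of the original instructions. It assumes the Windows service names match the names used in the steps (RapApp, BlackICE), that the lines can be appended at the end of the file, and that you pass your own install folder as `-InstallDir`, since the path is not given here.

```powershell
param(
    # Placeholder: the page does not give the install path; supply your own.
    [Parameter(Mandatory = $true)][string]$InstallDir
)
$ErrorActionPreference = 'Stop'

# Assumption: the service names match the names used in the steps.
$services = 'RapApp', 'BlackICE'
$sigs     = Join-Path $InstallDir 'sigs.ini'
$backup   = "$sigs.orig"

# Lines from step 3, exactly as listed on the page.
$debugLines = @(
    'trust.issue = 2002703 2002805'
    'packetLog.logging=enabled'
    'evidence.logging=enabled'
    'packet.padding=enabled'
    'packetLog.maxKbytes = 8192'
    'packetLog.maxfiles = 20'
    'debugLog.set = ALL'
    'debugLog.clear ='
    'echo_wm_messages = true'
)

# Steps 1-2: release the file lock, then keep an untouched copy and its hash.
Stop-Service -Name 'RapApp' -Force
Copy-Item -Path $sigs -Destination $backup
$origHash = (Get-FileHash -Path $backup -Algorithm SHA256).Hash

try {
    # Steps 3-4: append at end of file (assumed position), restart services.
    # The leading empty string guards against a file with no final newline.
    Add-Content -Path $sigs -Value (@('') + $debugLines)
    $services | ForEach-Object { Restart-Service -Name $_ -Force }
    # Step 5: reproduce the problem by hand while verbose logging is active.
    Read-Host 'Reproduce the problem, then press Enter'
}
finally {
    # Step 7: restore the original file and confirm it is byte-identical.
    Stop-Service -Name 'RapApp' -Force
    Copy-Item -Path $backup -Destination $sigs -Force
    if ((Get-FileHash -Path $sigs -Algorithm SHA256).Hash -ne $origHash) {
        throw 'sigs.ini does not match the original copy after restore.'
    }
    $services | ForEach-Object { Restart-Service -Name $_ -Force }
}
# Step 6: list the log files produced during the run.
Get-ChildItem -Path $InstallDir -Filter 'log*.enc' | Sort-Object LastWriteTime
```

Run it from an elevated prompt; the `finally` block runs even if the restart or the reproduction step fails, so the agent is not left running with debug logging enabled.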

Send the entire Proventia Desktop folder, or at the very least the logxxx.enc files, to the team that manages Proventia for your company.

In the event that this does not show where the problem lies, upgrading to the newest version (XPU) of Proventia should be tried.  With every XPU update, improvements are being made to the Proventia agent and many times this will resolve the issue.
