CA Access Control maintains driver settings it uses under the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\FsiDrv
The FsiDrv registry key contains the following registry entries:
Defines the minimum time in seconds between two consecutive audit events from the same source. CA Access Control does not log audit messages for consecutive events from the same source that occur within this time period.
Default: 0 (all audit events are logged)
Specifies whether to disable batch OpLocks (opportunistic locking) of an entire file. When disabled (value is zero), the driver collects 100 percent of audit information for file access but performance decreases. A non-zero value keeps batch OpLocks operating regularly (enabled) and increases performance, but potentially provides incomplete audit information that may not include attempts to access related files.
Note: You must reload the driver to use the new setting. Unload the driver (net stop seosdrv) after you stop CA Access Control (secons -s).
Default: 1 (enabled)
Defines the seosdrv kernel memory cache limit size in megabytes.
Type: REG_DWORD
Limits: 8 - 64
Default: 16
The location of the driver.
Default: system_drive\Windows_path\system32\drivers
Specifies that CA Access Control traces all kernel-mode threads created by another product that creates system threads, for example Trend Micro™ PC-cillin Antivirus.
Note: Enabling this registry value can cause performance issues. We recommend that you contact CA Technologies before you enable this registry value. For assistance, contact CA Support at http://ca.com/support.
Type: REG_DWORD
Default: 0 (disabled)
The toggle to enable or disable the generic file cache.
Values: 0—enable the generic file cache, 1—disable the generic file cache
Default: 0
Specifies whether to disable loophole protection, which protects CA Access Control from applications such as Process Monitor (procmon.exe) that may close its handles.
Values: 0 - enable loophole protection; 1 - disable loophole protection.
Default: 0
Note: This key applies to 32-bit Windows environments.
Defines the audit queue limit. When the queue length exceeds this limit, CA Access Control artificially slows down threads that generate audit events so that it can read the queue and write to the log file faster than new items are added to the queue.
Note: When new items are added to the queue faster than CA Access Control can read and process them, the system's memory may be exhausted.
Default: 200
Defines the number of consecutive timeouts that CA Access Control detects before it triggers a driver bypass. Once reached, the driver stops sending authorization requests to the authorization engine until the engine indicates that it is ready to process events.
A value of zero disables this bypass.
Default: 5
Defines the driver response when a network event is intercepted at dispatch IRQL.
Values: 0,1
Default:
The maximum time in seconds to wait for seosd to respond.
Default: 10
The driver's response after time-out.
Default: 0 (Deny)
The toggle to enable or disable the generic registry cache.
Values: 0—enable the generic registry cache, 1—disable the generic registry cache
Default: 0
Line-separated list of the names of users who can administer the computer in maintenance mode (SilentModeEnabled = 1).
No default
Determines whether maintenance mode is active (1).
Default: 0 (disabled)
Specifies if CA Access Control bypasses access checks for system processes. By default, CA Access Control does not consider system processes to be trusted and does not bypass access checks for system processes.
Values: 0 - bypass access checks; 1 - do not bypass access checks.
Default: 1
Copyright © 2012 CA. All rights reserved.