Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
VicOropeza420
Explorer

Why user "localhost" install policies on the FW?

Hi, Folks.

Do you know why the user "localhost" is installing policies on the firewall? Recently, i identified on the FW logs this activity, I leave a sample of the log:

"Nov 11 12:09:50 x.x.x.x 1 2024-11-11T15:09:48Z FW - [action:"Accept"; flags:"xxx"; ifdir:"outbound"; loguid:"{xxx}"; origin:"x.x.x.x"; originsicname:"xxxx"; sequencenum:"1"; time:"1731337788"; version:"x"; additional_info:"Desktop Policy : policy_name"; administrator:"localhost"; audit_status:"Success"; client_ip:"127.0.0.1"; machine:"localhost"; objectname:"xxxx"; objecttable:"applications"; objecttype:"dtps_application"; operation:"Install Policy"; operation_number:"7"; product:"SmartConsole"; subject:"Policy Installation"; uid:"{xxxxx}"]"

The policy installed is "Desktop Policy", This activity can be "normal" or as part of policy program updates?

I would greatly appreciate your support.

Regards,

Victor.

2 Replies
PhoneBoy
Admin
Admin

Desktop Policy is used by Remote Access clients.
Normally, this is pushed as part of the regular Access Policy.
Not sure why "localhost" is doing this...might be worth a TAC case.

the_rock
Legend
Legend

Just by pure logic, I would say thats not an actual user and here is why. So, if you think about it, ANY computer in the world can technically be "localhost" and we all know what IP is 127.0.0.1. I think @PhoneBoy even has shirt about it lol

Anyway, Im fairly positive this is simply default. system log, or, as you described it, normal in this instance. As Phoneboy had said, desktop policy is related to remote access clients.

Hope that helps.

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events