"There are one or more Application Type conflicts on this Computer..." appears in DPI Events when updating the Deep Security Agent (DSA)

  • Updated: 4 Feb 2019
  • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 9.5
    • Deep Security 9.6
  • Platform:
    • Linux - SuSE 10
    • Linux - SuSE 11
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Standard

Summary

The following error message appears in the DPI Events tab on the Deep Security Manager (DSM) console when updating the DSAs:

There are one or more Application Type conflicts on this Computer. One or more DPI Rules associated with one Application Type are dependent on one or more DPI Rules associated with another Application Type. The conflict exists because the two Application Types use different Ports.

These are the conflicting Application Types:

[A] "Web Application Tomcat"  Ports: [80,8080,4119]
[B] "Web Server Common"  Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007,8004,4000,32000,5357,5358,9000]

[A] "Web Server Miscellaneous"  Ports: [80,4000,7100,7101,7510,8043,8080,8081,8088,8300,8500,8800,9000,9060,19300,32000,3612,10001,8093,8094]
[B] "Web Server Common"  Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007,8004,4000,32000,5357,5358,9000]

Details

Below are the different reasons why the error occurs and how it can be resolved:

To resolve the conflict, edit the ports used by Application Type(s) B so that they include the ports used by Application Type(s) A.

The two application types (Web Application Tomcat and Web Server Miscellaneous) are both dependent on the application type Web Server Common. This is why the ports listed in the first two application types should also appear in the Web Server Common ports.

If you consolidate the ports for these three application types, the result is:

80,631,3612,4000,4119,5357,5358,7001,7100,7101,7200,7501,7510,7777,7778,7779,
8004,8007,8043,8080,8081,8088,8093,8094,8300,8500,8800,9000,9060,10001,19300,32000

After adding this to the Web Server Common port list, you will see this message in the Events tab:

"The Application Type Port List Misconfiguration has been resolved."

To consolidate the ports and resolve this issue:

  1. Log on to the Deep Security console.
  2. Go to Policies > Rules > IPS.
  3. Type "Web Server Common" in the search box on the right pane and press ENTER.
  4. Double-click the Web Server Common application type.
  5. Navigate to General Details > Application type > Edit > Web server common.
  6. Under the General tab > Connection Ports, replace all the ports with this consolidated entry:

    80,631,3612,4000,4119,5357,5358,7001,7100,7101,7200,
    7501,7510,7777,7778,7779,8004,8007,8043,8080,8081,8088,8093,
    8094,8300,8500,8800,9000,9060,10001,19300,32000

  7. Click Apply > Save.
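
The consolidation described above can be derived directly from the event text rather than by hand. The following is an added example, not Trend Micro code: it parses the [A]/[B] conflict lines quoted in the Summary and computes, for each Application Type B, the ports it is missing and the consolidated port list. The function names `parse_conflicts` and `consolidate` are hypothetical.

```python
import re
from collections import defaultdict

# Conflict lines as quoted in the DPI event on this page.
EVENT_TEXT = """
[A] "Web Application Tomcat"  Ports: [80,8080,4119]  [B] "Web Server Common"  Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007,  8004,4000,32000,5357,5358,9000]
[A] "Web Server Miscellaneous"  Ports: [80,4000,7100,7101,7510,8043,8080,8081,8088,8300,8500,  8800,9000,9060,19300,32000,3612,10001,8093,8094]  [B] "Web Server Common"  Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007,  8004,4000,32000,5357,5358,9000]
"""

# Matches one entry: role marker, quoted Application Type name, bracketed port list.
ENTRY = re.compile(r'\[(A|B)\]\s*"([^"]+)"\s*Ports:\s*\[([^\]]*)\]')


def parse_conflicts(text):
    """Return a list of ((a_name, a_ports), (b_name, b_ports)) conflict pairs."""
    entries = [(role, name, {int(p) for p in ports.split(",") if p.strip()})
               for role, name, ports in ENTRY.findall(text)]
    if len(entries) % 2:
        raise ValueError("unpaired [A]/[B] entry in event text")
    pairs = []
    for first, second in zip(entries[::2], entries[1::2]):
        if (first[0], second[0]) != ("A", "B"):
            raise ValueError("expected an [A] entry followed by a [B] entry")
        pairs.append((first[1:], second[1:]))
    return pairs


def consolidate(pairs):
    """Map each [B] type to (missing_ports, consolidated_ports), both sorted."""
    current, needed = {}, defaultdict(set)
    for (_a_name, a_ports), (b_name, b_ports) in pairs:
        current[b_name] = b_ports      # ports B listens on today
        needed[b_name] |= a_ports      # ports every dependent A requires
    return {b: (sorted(needed[b] - current[b]), sorted(needed[b] | current[b]))
            for b in current}


if __name__ == "__main__":
    for b_name, (missing, merged) in consolidate(parse_conflicts(EVENT_TEXT)).items():
        print(f"{b_name}: add {missing}")
        print("Connection Ports:", ",".join(map(str, merged)))
```

An empty "missing" list for an Application Type B means its port list already covers every dependent Application Type A.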

The issue is caused by the Application Type Properties of the assigned Web Server Common application type, which are inherited and assigned to port 4119.

Application Type Properties

To resolve the issue:

  1. On the Application Type Properties tab, clear the Inherited checkbox.
  2. Assign the port to the Web Server Common Port List.

Web Server Common Port List

The alert has been resolved.

The Application Type Port List Misconfiguration has been resolved.

The computer status keeps showing the yellow warning message "Application Type Port List Misconfiguration".

Application Type Port List Misconfiguration

The warning event description explains that there is a port misconfiguration and an Application Type conflict involving both Web Server Miscellaneous and Web Server Common.

Warning Event Description

To reproduce the issue, you can do the following:

  1. Install a standalone agent or co-locate Deep Security Manager with the Relay and IPS features enabled on a Windows platform.
  2. Assign the Security Policy inherited from Deep Security.
  3. Apply Recommended for Assignment rules to the target Deep Security Agent after performing the Recommendation Scan.
  4. Check the Computer status on the Deep Security Manager web console. It will show the yellow warning message.

The additional rules of the following Application Types are recommended to be assigned to the target Deep Security Agent:

  • Web Server Common
    • 1000128 - HTTP Protocol Decoding
  • Web Server Miscellaneous
    • 1005509 - Nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
    • 1005519 - Nginx http_parse_chunked Denial Of Service Vulnerability
    • 1005825 - Nginx Crafted URI String Handling Access Restriction Bypass Vulnerability

However, the Web Server Miscellaneous Application Type is detected because of the NGINX process, which the Deep Security Relay uses as a web server for update purposes. The NGINX process is deployed when the Deep Security Relay module is enabled. Therefore, the Recommendation Scan is unable to retrieve the exact version of the NGINX process via the Windows system manager or software installer.

As a workaround, do the following:

  1. Un-assign these three (3) rules from the Security Policy:
    • 1005509
    • 1005519
    • 1005825
  2. Send the updated policy to the Deep Security Agent again.
  3. Clear Warnings/Errors from the target Deep Security Agent.
  4. Clear Recommendations and perform Scan Recommendations on the target Deep Security Agent.

Category: Troubleshoot; Update
Solution Id: 1060278