How can I avoid the "Configuration Package too large" event?
You may see the "Configuration package too large" event on your computers after applying a change in policy. This is usually due to having too many IPS Rules assigned to a policy, and not making use of the recommendation feature in the most automated way.
The team is currently working on a permanent fix for this issue for new customers, but some customers may have static policies that need to be manually updated. The best way to resolve this issue is to ensure there are no rules assigned to the computer at the policy level, and that you use Automatic Assignment of Recommendation Scans to do the assignment at the computer level. To achieve this, please follow these steps to resolve this issue:
-
Find the computer in with the issue on the "Computers" tab of Deep Security, and double click the computer to enter the details page.
-
Click the "Edit..." button next to the Policy for the computer, this will open up another window to edit the policy.
-
Click on the "Intrusion Prevension" item in the left pane.
-
Under "Assigned Intrusion Prevention Rules" click the "Assign/Unassign..." button.
-
On the second drop down at the top, choose "Assigned", and on the third drop down choose "No Grouping".
-
On each page of rules, choose to "Select All", and then "Unassign Rule(s)".
-
Follow the previous step to unassign each page of rules. Then leave the rule setting.
-
In the "Automatically Implement Intrusion Prevention Recommendations", choose "Yes", and click "Save". You can now close the policy editor.
-
Back in the Computer's detail page, click the "Intrusion Prevention" item on the left pane.
-
Then click the "Clear Recommendations" button, and finally start a new recommendations scan by clicking the "Scan For Recommendations".
When the scan is complete the minimal set of Intrusion Prevention rules will be assigned to the computer and the previous error will be cleared. If this issue persists please file a support case and let us know!
