Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
DBSS CLR Security alarms fire for user defined assemblies
Description
Redundant CLR security alarms fire for system CLR assemblies
Cause
The collection retrieves data system and user defined assemblies.
Resolution
WORKAROUND None
STATUS Defect ID FOG-7316 has been logged to filter the collection to only retrieve user defined CLR assemblies. This is planned for a future release of the SQL Server cartridge.
Defect ID
FOG-7316
Additional Information
According to Microsoft, this might explain why it is is firing for SQL Server, "CLR uses Code Access Security (CAS) in the .NET Framework is no longer supported as a security boundary.
A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges.
Beginning with SQL Server 2017 (14.x), an sp_configure option called CLR strict security is introduced to enhance the security of CLR assemblies. CLR strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS assemblies as if they were marked UNSAFE. The CLR strict security option can be disabled for backward compatibility, but this is not recommended"
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Recommended Content
Product(s):
Foglight for Databases
7.1.0, 6.3.0, 6.1.0, 6.0.0, 5.9.7
Foglight
7.1.0, 6.3.0, 6.1.0, 6.0.0, 5.9.8, 5.9.7
Foglight Cloud
Hosted
Topic(s):
Troubleshooting
Article History:
Created on: 11/21/2023 Last Update on: 12/12/2023
Thank you for your feedback for Topic Request
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Welcome to Quest Support
You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.
The Quest Software Portal no longer supports IE8, 9, & 10 and it is recommended to upgrade your browser to the latest version of Internet Explorer or Chrome.