10-13-2005 09:25 AM - edited 03-09-2019 12:43 PM
We are using Shavlik HFNetChkPro for patch scanning and deployment. Our scans are generating Registry access control (rule 816)alerts. The alerts are triggering as follows:
The process '<remote application>'(as user DOMAIN\User) attempted to access the registry key '\WHATEVER\PATH\TO\REGISTRY\KEY' The attempted access was an open (operation = OPEN/KEY).
Since CSA does not recognize Shavlik HFNetChkPro as a known application, it does not provide the option to run the Rules Wizard. What is the best method to create an exception for this event?
10-14-2005 09:22 AM
I have the same issue, although w/ a different tool. I'll be curious to see what the resolution is.
10-17-2005 08:45 AM
Create a rule that allows remote registry access from the Domain\Admin or IP address of the machine. I'm guessing you don't run this from a lot of different machines or from user accounts.
Tom S
10-23-2007 08:24 AM
Tom,
I realize this is an oldie but it doesn't mean we haven't spent a couple of days working on it.
We run it from one machine and one account.
Would you please spoon feed us a little bit more detail on where we would create this rule.
Thank you in advance!
Paul
10-23-2007 11:26 AM
Hi Paul, you should be able to create a registry access rule to allow the process '
How broad the registry key exception is depends on what is scanning.
HTH
Tom
10-08-2008 06:51 AM
Tom, Paul or anyone else -
I'm trying to accomplish this using CSA ver 6 to allow Shavlik to update the server.
I have created a rule module with 2 rules.
The first rule is a registry access control and the second rule is a network access rule.
I'm having a hard time trying to understand what rules and what restrictions I can invoke. For instance Rule #1 is a Registry Control rule. For the application there is no
Rule #2 allows me to restricet the IP address of the remote connection, but where can I restrict it to a certain user like Domain\User
If screen shots of the rules would help I can surley upload them.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: