Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSA Shavlik Question

We are using Shavlik HFNetChkPro for patch scanning and deployment. Our scans are generating Registry access control (rule 816)alerts. The alerts are triggering as follows:

The process '<remote application>'(as user DOMAIN\User) attempted to access the registry key '\WHATEVER\PATH\TO\REGISTRY\KEY' The attempted access was an open (operation = OPEN/KEY).

Since CSA does not recognize Shavlik HFNetChkPro as a known application, it does not provide the option to run the Rules Wizard. What is the best method to create an exception for this event?

5 REPLIES
Community Member

Re: CSA Shavlik Question

I have the same issue, although w/ a different tool. I'll be curious to see what the resolution is.

Blue

Re: CSA Shavlik Question

Create a rule that allows remote registry access from the Domain\Admin or IP address of the machine. I'm guessing you don't run this from a lot of different machines or from user accounts.

Tom S

Silver

Re: CSA Shavlik Question

Tom,

I realize this is an oldie but it doesn't mean we haven't spent a couple of days working on it.

We run it from one machine and one account.

Would you please spoon feed us a little bit more detail on where we would create this rule.

Thank you in advance!

Paul

Blue

Re: CSA Shavlik Question

Hi Paul, you should be able to create a registry access rule to allow the process '' (as user Domain\Shavlik User) to access the registry keys in question.

How broad the registry key exception is depends on what is scanning.

HTH

Tom

Community Member

Re: CSA Shavlik Question

Tom, Paul or anyone else -

I'm trying to accomplish this using CSA ver 6 to allow Shavlik to update the server.

I have created a rule module with 2 rules.

The first rule is a registry access control and the second rule is a network access rule.

I'm having a hard time trying to understand what rules and what restrictions I can invoke. For instance Rule #1 is a Registry Control rule. For the application there is no choice in the application list (this is what the event log message is returning when Shavlik attemps to connect to the server).

Rule #2 allows me to restricet the IP address of the remote connection, but where can I restrict it to a certain user like Domain\User

If screen shots of the rules would help I can surley upload them.

Thanks

206
Views
7
Helpful
5
Replies
CreatePlease to create content