When I scan a Windows XP machine with the Foundstone (McAfee) scanner, CSA is preventing the scanning attempt and logging the following message:
9/21/2005 5:03:24 PM: The process '<remote application>' (as user PC1\Admin) attempted to access the registry key '\REGISTRY\MACHINE', value ''. The attempted access was an open (operation = OPEN/KEY). The operation was denied.
When the scanner tries to access the registry to find missing Windows patches, CSA blocks the attempt immediately.
We would like to modify the rule in CSA and also want to make sure it does not create any loopholes.
You could create a rule that allows remote applications to access the registry from that IP address, or create a dynamic app class for the scanner that adds it to applications allowed remote registry access if you have multiple machines running it.
I've had to do similar things to run nmap, nsbatch, etc...
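An added example, not part of the original thread: before writing the exception suggested above, the CSA denials can be summarised to see which users, keys and operations the scan actually triggers, so the allow rule is no wider than needed. The regex is built from the one message quoted in the question, and every log line after the first is constructed.

```python
import re
from collections import Counter

# Pattern built from the single CSA message quoted in the question; other
# CSA event types or versions may word their messages differently (assumption).
DENIAL = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M): "
    r"The process '(?P<process>[^']*)' \(as user (?P<user>[^)]*)\) "
    r"attempted to access the registry key '(?P<key>[^']*)', "
    r"value '(?P<value>[^']*)'\. .*?"
    r"\(operation = (?P<op>[^)]*)\)\. The operation was (?P<verdict>\w+)\."
)

# Sample input: line 1 is the message from the question; the rest are
# constructed for illustration (user names, keys and times are made up).
SAMPLE_LOG = r"""9/21/2005 5:03:24 PM: The process '<remote application>' (as user PC1\Admin) attempted to access the registry key '\REGISTRY\MACHINE', value ''. The attempted access was an open (operation = OPEN/KEY). The operation was denied.
9/21/2005 5:03:25 PM: The process '<remote application>' (as user PC1\Admin) attempted to access the registry key '\REGISTRY\MACHINE', value ''. The attempted access was an open (operation = OPEN/KEY). The operation was denied.
9/21/2005 5:03:26 PM: The process '<remote application>' (as user PC1\Guest) attempted to access the registry key '\REGISTRY\MACHINE\SOFTWARE', value ''. The attempted access was an open (operation = OPEN/KEY). The operation was denied.
9/21/2005 5:04:10 PM: The process 'C:\WINDOWS\regedit.exe' (as user PC1\Admin) attempted to access the registry key '\REGISTRY\MACHINE', value ''. The attempted access was an open (operation = OPEN/KEY). The operation was denied.
9/21/2005 5:05:00 PM: Agent started."""


def parse_denial(line):
    """Return the fields of one CSA registry message, or None if it differs."""
    match = DENIAL.match(line.strip())
    return match.groupdict() if match else None


def remote_registry_denials(log_text):
    """Count denied remote registry accesses per (user, key, operation)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_denial(line)
        # Only remote callers matter for the scanner exception; local
        # processes hitting the same key are a separate rule.
        if (event and event["verdict"] == "denied"
                and event["process"] == "<remote application>"):
            counts[(event["user"], event["key"], event["op"])] += 1
    return counts


if __name__ == "__main__":
    for (user, key, op), n in remote_registry_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {user:12s} {op:10s} {key}")
```

The message carries no source address, so limiting the exception to the scanner's IP still has to be done in the rule itself.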