https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152643#M5859 <P><SPAN>It's Harmony Endpoint managed via the cloud</SPAN></P> Sun, 10 Jul 2022 23:06:04 GMT Luiz_ 2022-07-10T23:06:04Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152515#M5851 <P>Hi there checkmates,</P><P>&nbsp;</P><P>We are trying to create a Compliance rule to check if a specific Windows Defender Firewall rule is present on the user's laptop.</P><P>The registry folder where the rules are located is&nbsp;<STRONG>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules</STRONG>.</P><P>The value of each registry is where we look for a certain string to check if the rule we want to check is there, it looks like: v2.30|Action=Allow|Active=TRUE|Dir=Out|<STRONG>Name=Microsoft Solitaire Collection</STRONG>|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1918626456-2443561179-3960203745-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|</P><P>The challenge is: the 'name' for each registry is randomized, a value like "{0E69F20E-9517-4D89-A9AB-603E27C8891F}". We can't find a way to check all registries because of that, we would need to use wildcard to do that and we aren't able to do that according to our tests.</P><P>Screenshot is attached with the configuration, where we would use * on the "Registry value name" field.</P><P>We have an open case with TAC for almost two weeks trying to get this answer but it doesn't go anywhere.</P><P>Any ideas? Thanks a lot.</P><DIV class="">&nbsp;</DIV><P>&nbsp;</P> Thu, 07 Jul 2022 14:35:40 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152515#M5851 Luiz_ 2022-07-07T14:35:40Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152640#M5858 <P>Is this with Harmony Connect or Harmony Endpoint managed via the cloud?</P> Sun, 10 Jul 2022 22:10:36 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152640#M5858 PhoneBoy 2022-07-10T22:10:36Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152643#M5859 <P><SPAN>It's Harmony Endpoint managed via the cloud</SPAN></P> Sun, 10 Jul 2022 23:06:04 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152643#M5859 Luiz_ 2022-07-10T23:06:04Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152793#M5888 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/35245">@jcortez</a>&nbsp;can you think of a better way to do what's trying to be done here?</P> Tue, 12 Jul 2022 12:53:28 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152793#M5888 PhoneBoy 2022-07-12T12:53:28Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152819#M5890 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;&amp;&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/31499">@Luiz_</a>&nbsp;</P> <P>That is a very good question. Due to the fact that the Registry Key values a randomized it would be very difficult to achieve this. I honestly cannot think of a good workaround.</P> <P>&nbsp;</P> <P>Let me have some of our internal resources take a look at this and I will reply back.</P> Tue, 12 Jul 2022 16:15:30 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152819#M5890 jcortez 2022-07-12T16:15:30Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152840#M5895 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;&amp;&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/31499">@Luiz_</a>&nbsp;</P> <P>After speaking with our internal resources the only workaround that could work is creating a wildcard test in a script and using our Compliance Blade to run the script periodically.</P> Tue, 12 Jul 2022 23:28:41 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152840#M5895 jcortez 2022-07-12T23:28:41Z https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152912#M5896 <P>Very good idea! Thanks a lot!</P><P>We're going to try this way.</P> Wed, 13 Jul 2022 16:32:33 GMT https://community.checkpoint.com/t5/Endpoint/Using-Compliance-blade-to-check-Windows-registry-for-Windows/m-p/152912#M5896 Luiz_ 2022-07-13T16:32:33Z