topic SCV RegMonitor matching DWORD values in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-RegMonitor-matching-DWORD-values/m-p/155903#M6359 <P>Does anyone know how to correctly match REG_DWORD values in SCV (Secure Configuration Verification)?<BR />While matching REG_SZ values is working fine for me using the following syntax:</P><PRE> :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion&gt;=6.3")</PRE><P>&nbsp;... matching the new Windows Version values which are REG_DWORD does not work:</P><PRE> :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMajorVersionNumber==10")<BR /> :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMinorVersionNumber&gt;=0")</PRE><P>I also tried using :value instead of :string but it made no difference.</P><P>What I'm also interested in is how the &gt;= operator is exactly working with non numeric values like in DisplayVersion which looks like "20H2".</P><P>The previously used keys CurrentVersion and ReleaseId seem not to be updated by Windows anymore since they are still 6.3 and 2009 on my Windows 10 machine.</P><P>If there is a better way to prevent older windows versions to connect its also welcome. I just have not figured out yet how&nbsp; OsMonitor does work since begin_and/begin_or are not allowed in this section.</P><P>Final aim is to prevent clients lower than Win10 21H1 to connect.</P><P>Thanks, Bernhard</P> Mon, 29 Aug 2022 13:44:41 GMT bernhard_m 2022-08-29T13:44:41Z SCV RegMonitor matching DWORD values https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-RegMonitor-matching-DWORD-values/m-p/155903#M6359 <P>Does anyone know how to correctly match REG_DWORD values in SCV (Secure Configuration Verification)?<BR />While matching REG_SZ values is working fine for me using the following syntax:</P><PRE> :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion&gt;=6.3")</PRE><P>&nbsp;... matching the new Windows Version values which are REG_DWORD does not work:</P><PRE> :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMajorVersionNumber==10")<BR /> :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMinorVersionNumber&gt;=0")</PRE><P>I also tried using :value instead of :string but it made no difference.</P><P>What I'm also interested in is how the &gt;= operator is exactly working with non numeric values like in DisplayVersion which looks like "20H2".</P><P>The previously used keys CurrentVersion and ReleaseId seem not to be updated by Windows anymore since they are still 6.3 and 2009 on my Windows 10 machine.</P><P>If there is a better way to prevent older windows versions to connect its also welcome. I just have not figured out yet how&nbsp; OsMonitor does work since begin_and/begin_or are not allowed in this section.</P><P>Final aim is to prevent clients lower than Win10 21H1 to connect.</P><P>Thanks, Bernhard</P> Mon, 29 Aug 2022 13:44:41 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-RegMonitor-matching-DWORD-values/m-p/155903#M6359 bernhard_m 2022-08-29T13:44:41Z Re: SCV RegMonitor matching DWORD values https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-RegMonitor-matching-DWORD-values/m-p/156274#M6360 <P>Pretty sure you can only use &gt;= with things that have a numeric value, at least based on the documentation:<BR /><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-VPNRG/Secure-Configuration-Verification.htm?TocPath=Secure%20Configuration%20Verification%7C_____0#Secure_Configuration_Verification" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-VPNRG/Secure-Configuration-Verification.htm?TocPath=Secure%20Configuration%20Verification%7C_____0#Secure_Configuration_Verification</A></P> <P>If you're checking major version, this is the way to do it: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk176367&amp;partition=Advanced&amp;product=Endpoint" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk176367&amp;partition=Advanced&amp;product=Endpoint</A></P> Fri, 02 Sep 2022 00:04:28 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SCV-RegMonitor-matching-DWORD-values/m-p/156274#M6360 PhoneBoy 2022-09-02T00:04:28Z