This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gorbiabimanyu
Employee Alumnus
Employee Alumnus
‎2021-11-07 06:42 PM
Jump to solution

Compliance policy is in an unsupported format. Please contact your system administrator

HI,

I'm currently testing SCV in my lab to check registry value on endpoint computers. after editing the local.scv on the SMS and then installing the policy, client shows this message

 

Screenshot_3.png

 

 

here is the content of my local scv

:SCVNames (
: (user_policy_scv
:type (plugin)
:parameters (
)
)


: (RegistryMonitor
:type (plugin)
:parameters (
:begin_and (1)
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\TRAC\client_sub_type=EndpointSecurityIntegrated"
:end (and1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please use Check point Endpoint Security Software that was provided by customer")
:end (admin)
)
)

: (BrowserMonitor
:type (plugin)
:parameters (
:browser_major_version (5)
:browser_minor_version (0)
:browser_version_operand (">=")
:browser_version_mismatchmassage ("Please upgrade your Internet browser.")
:intranet_download_signed_activex (disable)
:intranet_run_activex (disable)
:intranet_download_files (disable)
:intranet_java_permissions (disable)
:trusted_download_signed_activex (disable)
:trusted_run_activex (disable)
:trusted_download_files (disable)
:trusted_java_permissions (disable)
:internet_download_signed_activex (disable)
:internet_run_activex (disable)
:internet_download_files (disable)
:internet_java_permissions (disable)
:restricted_download_signed_activex (disable)
:restricted_run_activex (disable)
:restricted_download_files (disable)
:restricted_java_permissions (disable)
:send_log (alert)
:internet_options_mismatch_message ("Your Internet browser settings do not meet policy requirements\nPlease check the following settings:\n1. In your browser, go to Tools -> Internet Options -> Security.\n2. For each Web content zone, select custom level and disable the following items: DownLoad signed ActiveX, Run ActiveX Controls, Download Files and Java Permissions.")
)
)
: (OsMonitor
:type (plugin)
:parameters (
:os_version_mismatchmessage ("Please upgrade your operating system.")
:enforce_screen_saver_minutes_to_activate (3)
:screen_saver_mismatchmessage ("Your screen saver settings do not meet policy requirements\nPlease check the following settings:\n1. Right click on your desktop and select properties.\n2. Select the Screen Saver tab.\n3. Under Wait choose 3 minutes and check the Password Protection box.")
:send_log (alert)
:major_os_version_number_2k (5)
:minor_os_version_number_2k (0)
:os_version_operand_2k ("==")
:service_pack_major_version_number_2k (0)
:service_pack_minor_version_number_2k (0)
:service_pack_version_operand_2k (">=")
:major_os_version_number_xp (5)
:minor_os_version_number_xp (1)
:os_version_operand_xp ("==")
:service_pack_major_version_number_xp (0)
:service_pack_minor_version_number_xp (0)
:service_pack_version_operand_xp (">=")
:major_os_version_number_2003 (5)
:minor_os_version_number_2003 (2)
:os_version_operand_2003 ("==")
:service_pack_major_version_number_2003 (0)
:service_pack_minor_version_number_2003 (0)
:service_pack_version_operand_2003 (">=")
:major_os_version_number_7 (6)
:minor_os_version_number_7 (1)
:os_version_operand_7 ("==")
:service_pack_major_version_number_7 (0)
:service_pack_minor_version_number_7 (0)
:service_pack_version_operand_2003 (">=")
:major_os_version_number_8 (6)
:minor_os_version_number_8 (2)
:os_version_operand_8 ("==")
:service_pack_major_version_number_8 (0)
:service_pack_minor_version_number_8 (0)
:service_pack_version_operand_8 (">=")
:major_os_version_number_81 (6)
:minor_os_version_number_81 (3)
:os_version_operand_8 ("==")
:service_pack_major_version_number_81 (0)
:service_pack_minor_version_number_81 (0)
:service_pack_version_operand_81 (">=")
:major_os_version_number_10 (10)
:minor_os_version_number_10 (0)
:os_version_operand_10 ("==")
:service_pack_major_version_number_10 (0)
:service_pack_minor_version_number_10 (0)
:service_pack_version_operand_10 (">=")
)
)
: (ProcessMonitor
:type (plugin)
:parameters (
:begin_or (or1)
:AntiVirus1.exe (true)
:AntiVirus2.exe (true)
:end (or1)
:IntrusionMonitor.exe (true)
:ShareMyFiles.exe (false)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please check that the following processes are running:\n1. AntiVirus1.exe or AntiVirus2.exe\n2. IntrusionMonitor.exe\n\nPlease check that the following process is not running\n1. ShareMyFiles.exe")
:end (admin)
)
)
: (groupmonitor
:type (plugin)
:parameters (
:begin_or (or1)
:begin_and (1)
:"builtin\administrator" (false)
:"BUILTIN\Users" (true)
:end (1)
:begin_and (2)
:"builtin\administrator" (true)
:"BUILTIN\Users" (false)
:end (and2)
:end (or1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("You are using SecureClient with a non-authorized user.\nMake sure you are logged on as an authorized user.")
:securely_configured_no_active_user (false)
:end (admin)
)
)
: (HotFixMonitor
:type (plugin)
:parameters (
:147222 (true)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please install security patch Q147222.")
:end (admin)
)
)
: (AntiVirusMonitor
:type (plugin)
:parameters (
:type ("Norton")
:Signature (">=20020819")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
:end (admin)
)
)
: (HWMonitor
:type (plugin)
:parameters (
:cputype ("GenuineIntel")
:cpumodel ("9")
:cpufamily ("6")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your machine must have an\nIntel(R) Centrino(TM) processor installed.")
:end (admin)
)
)
: (ScriptRun
:type (plugin)
:parameters (
:exe ("VerifyScript.bat")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Verification script has determined that your configuration does not meet policy requirements.")
:end (admin)
)
)
: (RegMonitor
:type (plugin)
:parameters (
:value ("Software\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternVer>=414")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
:end (admin)
)
)
: (SCVMonitor
:type (plugin)
:parameters (
:scv_version ("54014")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please upgrade your Secure Configuration Verification products package.")
:end (admin)
)
)
: (sc_ver_scv
:type (plugin)
:parameters (
:Default_SecureClientBuildNumber (52032)
:Default_EnforceBuildOperand ("==")
:MismatchMessage ("Please upgrade your SecureClient.")
:EnforceBuild_9X_Operand (">=")
:SecureClient_9X_BuildNumber (52030)
:EnforceBuild_NT_Operand ("==")
:SecureClient_NT_BuildNumber (52032)
:EnforceBuild_2K_Operand (">=")
:SecureClient_2K_BuildNumber (52032)
:EnforceBuild_XP_Operand (">=")
:SecureClient_XP_BuildNumber (52032)
)
)
)
:SCVPolicy (
: (RegistryMonitor)
)
:SCVGlobalParams (
:enable_status_notifications (false)
:status_notifications_timeout (10)
:disconnect_when_not_verified (false)
:block_connections_on_unverified (false)
:scv_policy_timeout_hours (168)
:enforce_ip_forwarding (false)
:not_verified_script ("")
:not_verified_script_run_show (false)
:not_verified_script_run_admin (false)
:not_verified_script_run_always (false)
:allow_non_scv_clients (false)
:skip_firewall_enforcement_check (false)
)
)

any idea on this issue anyone?

0 Kudos
1 Solution

Accepted Solutions
Alex_Sazonov
Employee
Employee
‎2021-11-07 10:39 PM
Jump to solution

Hi @Gorbiabimanyu 

Please check Remote Access  admin guide for Configuring SCV - Logical Sections:

The begin_and (andX) label - this label is similar to the begin_or (orX)label, but the expressions inside are evaluated and logically ANDed. The end of this section is marked by the end (andX) or the end (orX) label. As mentioned earlier, simple subsequent expressions are automatically ANDed. The reason that this label exists is to allow nested ANDed sections inside ORed sections. For example, if an administrator considers old browsers as secure since they do not have a lot of potentially unsafe components, and new browsers as secure, since they contain all the latest security patches, he can define the following SCV rules:

:begin_or (or1)

:begin_and (and1)

:browser_major_version (5)

:browser_minor_version (0)

:browser_version_operand (">=")

:end (and1)

:begin_and (and2)

:browser_major_version (3)

:browser_minor_version (0)

:browser_version_operand ("<=")

:end (and2)

:end (or1)

 

In your case you have incorrect start of begin_and

 

: (RegistryMonitor
:type (plugin)
:parameters (
:begin_and (1)
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\TRAC\client_sub_type=EndpointSecurityIntegrated"
:end (and1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please use Check point Endpoint Security Software that was provided by ********")
:end (admin)
)
)

View solution in original post

2 Replies
Alex_Sazonov
Employee
Employee
‎2021-11-07 10:39 PM
Jump to solution

Hi @Gorbiabimanyu 

Please check Remote Access  admin guide for Configuring SCV - Logical Sections:

The begin_and (andX) label - this label is similar to the begin_or (orX)label, but the expressions inside are evaluated and logically ANDed. The end of this section is marked by the end (andX) or the end (orX) label. As mentioned earlier, simple subsequent expressions are automatically ANDed. The reason that this label exists is to allow nested ANDed sections inside ORed sections. For example, if an administrator considers old browsers as secure since they do not have a lot of potentially unsafe components, and new browsers as secure, since they contain all the latest security patches, he can define the following SCV rules:

:begin_or (or1)

:begin_and (and1)

:browser_major_version (5)

:browser_minor_version (0)

:browser_version_operand (">=")

:end (and1)

:begin_and (and2)

:browser_major_version (3)

:browser_minor_version (0)

:browser_version_operand ("<=")

:end (and2)

:end (or1)

 

In your case you have incorrect start of begin_and

 

: (RegistryMonitor
:type (plugin)
:parameters (
:begin_and (1)
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\TRAC\client_sub_type=EndpointSecurityIntegrated"
:end (and1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please use Check point Endpoint Security Software that was provided by ********")
:end (admin)
)
)

PradeepSonawne
Explorer
‎2023-09-06 04:32 AM
In response to Alex_Sazonov
Jump to solution

Hi Alex,

I need your help as i am also facing the same kind of issue with some users in our organization.

Issue statement issue: The user getting with error "Your computer is not compliant with the secure policy" due to the compliance policy is in an unsupported format.

We are running with R81.10    Endpoint client ver 87.20

We are scanning Reg and Process monitor through SVC file, around 600 users connected daily without an issue but some users are not able to connect with VPN due to said error.

I am uploading SCV file and error snap here and i will be highly appreciate your help in this regards.

VPN Not complaint error.JPG
Preview file
49 KB
SVC-BCK-4Sep-23.txt
Preview file
13 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top