Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gorbiabimanyu
Employee Alumnus
Employee Alumnus

Compliance policy is in an unsupported format. Please contact your system administrator

Jump to solution

HI,

I'm currently testing SCV in my lab to check registry value on endpoint computers. after editing the local.scv on the SMS and then installing the policy, client shows this message

 

Screenshot_3.png

 

 

here is the content of my local scv

:SCVNames (
: (user_policy_scv
:type (plugin)
:parameters (
)
)


: (RegistryMonitor
:type (plugin)
:parameters (
:begin_and (1)
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\TRAC\client_sub_type=EndpointSecurityIntegrated"
:end (and1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please use Check point Endpoint Security Software that was provided by customer")
:end (admin)
)
)

: (BrowserMonitor
:type (plugin)
:parameters (
:browser_major_version (5)
:browser_minor_version (0)
:browser_version_operand (">=")
:browser_version_mismatchmassage ("Please upgrade your Internet browser.")
:intranet_download_signed_activex (disable)
:intranet_run_activex (disable)
:intranet_download_files (disable)
:intranet_java_permissions (disable)
:trusted_download_signed_activex (disable)
:trusted_run_activex (disable)
:trusted_download_files (disable)
:trusted_java_permissions (disable)
:internet_download_signed_activex (disable)
:internet_run_activex (disable)
:internet_download_files (disable)
:internet_java_permissions (disable)
:restricted_download_signed_activex (disable)
:restricted_run_activex (disable)
:restricted_download_files (disable)
:restricted_java_permissions (disable)
:send_log (alert)
:internet_options_mismatch_message ("Your Internet browser settings do not meet policy requirements\nPlease check the following settings:\n1. In your browser, go to Tools -> Internet Options -> Security.\n2. For each Web content zone, select custom level and disable the following items: DownLoad signed ActiveX, Run ActiveX Controls, Download Files and Java Permissions.")
)
)
: (OsMonitor
:type (plugin)
:parameters (
:os_version_mismatchmessage ("Please upgrade your operating system.")
:enforce_screen_saver_minutes_to_activate (3)
:screen_saver_mismatchmessage ("Your screen saver settings do not meet policy requirements\nPlease check the following settings:\n1. Right click on your desktop and select properties.\n2. Select the Screen Saver tab.\n3. Under Wait choose 3 minutes and check the Password Protection box.")
:send_log (alert)
:major_os_version_number_2k (5)
:minor_os_version_number_2k (0)
:os_version_operand_2k ("==")
:service_pack_major_version_number_2k (0)
:service_pack_minor_version_number_2k (0)
:service_pack_version_operand_2k (">=")
:major_os_version_number_xp (5)
:minor_os_version_number_xp (1)
:os_version_operand_xp ("==")
:service_pack_major_version_number_xp (0)
:service_pack_minor_version_number_xp (0)
:service_pack_version_operand_xp (">=")
:major_os_version_number_2003 (5)
:minor_os_version_number_2003 (2)
:os_version_operand_2003 ("==")
:service_pack_major_version_number_2003 (0)
:service_pack_minor_version_number_2003 (0)
:service_pack_version_operand_2003 (">=")
:major_os_version_number_7 (6)
:minor_os_version_number_7 (1)
:os_version_operand_7 ("==")
:service_pack_major_version_number_7 (0)
:service_pack_minor_version_number_7 (0)
:service_pack_version_operand_2003 (">=")
:major_os_version_number_8 (6)
:minor_os_version_number_8 (2)
:os_version_operand_8 ("==")
:service_pack_major_version_number_8 (0)
:service_pack_minor_version_number_8 (0)
:service_pack_version_operand_8 (">=")
:major_os_version_number_81 (6)
:minor_os_version_number_81 (3)
:os_version_operand_8 ("==")
:service_pack_major_version_number_81 (0)
:service_pack_minor_version_number_81 (0)
:service_pack_version_operand_81 (">=")
:major_os_version_number_10 (10)
:minor_os_version_number_10 (0)
:os_version_operand_10 ("==")
:service_pack_major_version_number_10 (0)
:service_pack_minor_version_number_10 (0)
:service_pack_version_operand_10 (">=")
)
)
: (ProcessMonitor
:type (plugin)
:parameters (
:begin_or (or1)
:AntiVirus1.exe (true)
:AntiVirus2.exe (true)
:end (or1)
:IntrusionMonitor.exe (true)
:ShareMyFiles.exe (false)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please check that the following processes are running:\n1. AntiVirus1.exe or AntiVirus2.exe\n2. IntrusionMonitor.exe\n\nPlease check that the following process is not running\n1. ShareMyFiles.exe")
:end (admin)
)
)
: (groupmonitor
:type (plugin)
:parameters (
:begin_or (or1)
:begin_and (1)
:"builtin\administrator" (false)
:"BUILTIN\Users" (true)
:end (1)
:begin_and (2)
:"builtin\administrator" (true)
:"BUILTIN\Users" (false)
:end (and2)
:end (or1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("You are using SecureClient with a non-authorized user.\nMake sure you are logged on as an authorized user.")
:securely_configured_no_active_user (false)
:end (admin)
)
)
: (HotFixMonitor
:type (plugin)
:parameters (
:147222 (true)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please install security patch Q147222.")
:end (admin)
)
)
: (AntiVirusMonitor
:type (plugin)
:parameters (
:type ("Norton")
:Signature (">=20020819")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
:end (admin)
)
)
: (HWMonitor
:type (plugin)
:parameters (
:cputype ("GenuineIntel")
:cpumodel ("9")
:cpufamily ("6")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your machine must have an\nIntel(R) Centrino(TM) processor installed.")
:end (admin)
)
)
: (ScriptRun
:type (plugin)
:parameters (
:exe ("VerifyScript.bat")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Verification script has determined that your configuration does not meet policy requirements.")
:end (admin)
)
)
: (RegMonitor
:type (plugin)
:parameters (
:value ("Software\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternVer>=414")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
:end (admin)
)
)
: (SCVMonitor
:type (plugin)
:parameters (
:scv_version ("54014")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please upgrade your Secure Configuration Verification products package.")
:end (admin)
)
)
: (sc_ver_scv
:type (plugin)
:parameters (
:Default_SecureClientBuildNumber (52032)
:Default_EnforceBuildOperand ("==")
:MismatchMessage ("Please upgrade your SecureClient.")
:EnforceBuild_9X_Operand (">=")
:SecureClient_9X_BuildNumber (52030)
:EnforceBuild_NT_Operand ("==")
:SecureClient_NT_BuildNumber (52032)
:EnforceBuild_2K_Operand (">=")
:SecureClient_2K_BuildNumber (52032)
:EnforceBuild_XP_Operand (">=")
:SecureClient_XP_BuildNumber (52032)
)
)
)
:SCVPolicy (
: (RegistryMonitor)
)
:SCVGlobalParams (
:enable_status_notifications (false)
:status_notifications_timeout (10)
:disconnect_when_not_verified (false)
:block_connections_on_unverified (false)
:scv_policy_timeout_hours (168)
:enforce_ip_forwarding (false)
:not_verified_script ("")
:not_verified_script_run_show (false)
:not_verified_script_run_admin (false)
:not_verified_script_run_always (false)
:allow_non_scv_clients (false)
:skip_firewall_enforcement_check (false)
)
)

any idea on this issue anyone?

0 Kudos
1 Solution

Accepted Solutions
Alex_Sazonov
Employee
Employee

Hi @Gorbiabimanyu 

Please check Remote Access  admin guide for Configuring SCV - Logical Sections:

The begin_and (andX) label - this label is similar to the begin_or (orX)label, but the expressions inside are evaluated and logically ANDed. The end of this section is marked by the end (andX) or the end (orX) label. As mentioned earlier, simple subsequent expressions are automatically ANDed. The reason that this label exists is to allow nested ANDed sections inside ORed sections. For example, if an administrator considers old browsers as secure since they do not have a lot of potentially unsafe components, and new browsers as secure, since they contain all the latest security patches, he can define the following SCV rules:

:begin_or (or1)

:begin_and (and1)

:browser_major_version (5)

:browser_minor_version (0)

:browser_version_operand (">=")

:end (and1)

:begin_and (and2)

:browser_major_version (3)

:browser_minor_version (0)

:browser_version_operand ("<=")

:end (and2)

:end (or1)

 

In your case you have incorrect start of begin_and

 

: (RegistryMonitor
:type (plugin)
:parameters (
:begin_and (1)
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\TRAC\client_sub_type=EndpointSecurityIntegrated"
:end (and1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please use Check point Endpoint Security Software that was provided by ********")
:end (admin)
)
)

View solution in original post

0 Kudos
1 Reply
Alex_Sazonov
Employee
Employee

Hi @Gorbiabimanyu 

Please check Remote Access  admin guide for Configuring SCV - Logical Sections:

The begin_and (andX) label - this label is similar to the begin_or (orX)label, but the expressions inside are evaluated and logically ANDed. The end of this section is marked by the end (andX) or the end (orX) label. As mentioned earlier, simple subsequent expressions are automatically ANDed. The reason that this label exists is to allow nested ANDed sections inside ORed sections. For example, if an administrator considers old browsers as secure since they do not have a lot of potentially unsafe components, and new browsers as secure, since they contain all the latest security patches, he can define the following SCV rules:

:begin_or (or1)

:begin_and (and1)

:browser_major_version (5)

:browser_minor_version (0)

:browser_version_operand (">=")

:end (and1)

:begin_and (and2)

:browser_major_version (3)

:browser_minor_version (0)

:browser_version_operand ("<=")

:end (and2)

:end (or1)

 

In your case you have incorrect start of begin_and

 

: (RegistryMonitor
:type (plugin)
:parameters (
:begin_and (1)
:string ("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\TRAC\client_sub_type=EndpointSecurityIntegrated"
:end (and1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please use Check point Endpoint Security Software that was provided by ********")
:end (admin)
)
)

0 Kudos