This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Anders_Gustafss
Explorer
‎2021-03-24 08:12 AM

How do I do an "or" chooise in $FWDIR/conf/local.scv

Hi,

We have been using a SCV register check on our Windows 10 computers Mobile VPN clients for some years but we placed the registry check value in a "bad place" so every time we upgrade Window 10 the registry is updated and our registry value is deleted. 
Now we want to change the registry value to a "safer place" in registry and want to complement the $FWDIR/conf/local.scvfile with an "or" chooise so we can push out new Windows 10 images with the updated place i registry.

So my question is, how do we do an "or" chooise between two registry values in $FWDIR/conf/local.scv?

I can´t find any examples how to do this, but I hope it isn´t impossible and that someone know how to do it.

Regards
Anders

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2021-03-26 09:45 AM

Here's a slightly modified example from: https://community.checkpoint.com/t5/Remote-Access-VPN/Real-World-local-scv-Example/m-p/81381/highlig... 

		: (RegMonitor
			:type (plugin)
			:parameters (
				:begin_or (1)
                                        :string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=DomainA")
					:string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=DomainB")
				:end (or1)
				:begin_admin (admin)
					:send_log (alert)
					:mismatchmessage ("Must be member of DomainA or DomainB")
				:end (admin)
			)
		)

 

0 Kudos
Anders_Gustafss
Explorer
‎2021-04-08 01:35 AM
In response to PhoneBoy

Many thank´s PhoneBoy, you made my day 🙂

0 Kudos
Air
Contributor
‎2024-07-08 06:13 AM
In response to PhoneBoy

Hello,

Can you help?

I want check two different option in RegMonitor and write different message for every option.

Example: 1. check domain and 2. own record in registry.

And if 1 pass and 2 don't pass that send message about 2 option. If two option mismatch that two different message:

 

 

: (RegMonitor
:type (plugin)
:string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=def.domain")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your computer doesn't meet the domain membership requirements. Domain must be def.domain")
:end (admin)
:string ("SOFTWARE\WOW6432Node\Security Status="Red")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your computer Status Red. Please update status to Green.")
:end (admin)
)​

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-08 12:35 PM
In response to Air

For that, I believe you need two RegMonitor stanzas

  : (RegMonitor
    :type (plugin)
    :parameters (
       :string ("SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain=DomainA")
       :begin_admin (admin)
         :send_log (alert)
         :mismatchmessage ("Must be member of DomainA")
       :end (admin)
    )
  )
  : (RegMonitor
    :type (plugin)
    :parameters (
      :string ("SOFTWARE\WOW6432Node\Security Status="Red")
      :begin_admin (admin)
        :send_log (alert)
        :mismatchmessage ("Change computer status to Green")
      :end (admin)
    )
  )

 

 

0 Kudos
Air
Contributor
‎2024-07-08 12:56 PM
In response to PhoneBoy

Unfortunately, it doesn't work

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-08 01:25 PM
In response to Air

What is the precise behavior that occurs?
What do you see when you try and debug scv?
Follow the steps here: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_PerformanceTuning_AdminGuide/Topic... 
For the debug flags (Step 8), I believe you'll need fw ctl debug -m fw + scv

TAC may have other suggestions here.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events