This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bernhard_m
Collaborator
‎2022-08-29 06:44 AM

SCV RegMonitor matching DWORD values

Does anyone know how to correctly match REG_DWORD values in SCV (Secure Configuration Verification)?
While matching REG_SZ values is working fine for me using the following syntax:

 :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion>=6.3")

 ... matching the new Windows Version values which are REG_DWORD does not work:

 :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMajorVersionNumber==10")
 :string ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMinorVersionNumber>=0")

I also tried using :value instead of :string but it made no difference.

What I'm also interested in is how the >= operator is exactly working with non numeric values like in DisplayVersion which looks like "20H2".

The previously used keys CurrentVersion and ReleaseId seem not to be updated by Windows anymore since they are still 6.3 and 2009 on my Windows 10 machine.

If there is a better way to prevent older windows versions to connect its also welcome. I just have not figured out yet how  OsMonitor does work since begin_and/begin_or are not allowed in this section.

Final aim is to prevent clients lower than Win10 21H1 to connect.

Thanks, Bernhard

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-09-01 05:04 PM

Pretty sure you can only use >= with things that have a numeric value, at least based on the documentation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

If you're checking major version, this is the way to do it: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top