zsszlama
Contributor

Secure Configuration Verification

Hello Guys,

One of our customers wants to have a demo about host compliance checks when they are connecting via RA VPN. They are using only hard clients. So I thought to create a demo environment with Secure Configuration Verification (SCV). As I read, it's a legacy solution, but I'm not aware of a different solution as they don't have Check Point Endpoint Security.

During my tests I ran into two issues. I hope you can help me with where I should search for a solution.

Issue 1:

I cannot create an easy check where the SCV check says the client is compliant. I tried the following checks:

(SCVObject
	:SCVNames (
		: (BrowserMonitor
			:type (plugin)
			:parameters (
				:browser_major_version (5)
				:browser_minor_version (0)
				:browser_version_operand (">=")
				:browser_version_mismatchmassage ("Please upgrade your Internet browser.")
			)
		)
		: (OsMonitor
			:type (plugin)
			:parameters (
			:begin_or (or1)
			:begin_and (and1)
				os_build_number_10 (0)
				:os_build_operand_10 ("==")
			:end (and1)
			:begin_and (and2)
				:os_build_number_11 (0)
				:os_build_operand_11 ("==")
			:end (and2)
			:end (or1)
			:begin_admin (admin)
				:send_log (alert)
				:mismatchmessage ("update os")
			:end (admin)
			)
		)
		: (ProcessMonitor
			:type (plugin)
			:parameters (
				:explorer.exe (true)
				:begin_admin (admin)
					:send_log (alert)
					:mismatchmessage ("explorer.exe is not running")
				:end (admin)
			)
		)
		: (AntiVirusMonitor
			:type (plugin)
			:parameters (
				:type ("Windows Defender")
				:begin_admin (admin)
					:send_log (alert)
					:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
				:end (admin)
			)
		)
	)
	:SCVPolicy (
		:(I tried all above individually)
	)
	:SCVGlobalParams (
		:enable_status_notifications (true)
		:status_notifications_timeout (10)
		:disconnect_when_not_verified (false)
		:block_connections_on_unverified (false)
		:scv_policy_timeout_hours (168)
		:enforce_ip_forwarding (false)
		:not_verified_script ("")
		:not_verified_script_run_show (false)
		:not_verified_script_run_admin (false)
		:not_verified_script_run_always (false)
		:allow_non_scv_clients (false)
		:skip_firewall_enforcement_check (false)
	)
)

 

Issue 2:

I rolled back the changes by copying back the original $FWDIR/conf/local.scv file. At this point the policy change worked. When I made a change by modifying $FWDIR/conf/local.scv the policy install failed with the following:

Policy: ##Standard
Status: Failed
- Failed to merge SCV policies. Local SCV file may be corrupt
- Desktop policies will not be installed on Policy Servers
- Failed to merge SCV policies. Local SCV file may be corrupt
- Desktop policies will not be installed on Policy Servers

I restored $FWDIR/conf/local.scv again and the policy install worked, and after another config modification the install failed again.

Can you guys give me a helping hand with these issues?

Please let me know if you need more details.

Thanks in advance!

Zsolt

(1)
1 Reply
the_rock
Legend

I remember back in the day working with TAC T3 and an escalation guy afterwards to try to get this to work for a customer, and sadly we could never get it to function the way they wanted. Let me see if I can "dig" out some notes about it.

Andy

0 Kudos
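
Added example, not from either poster or from Check Point: a small structural linter that can be run over a hand-edited local.scv before policy install, since the "Local SCV file may be corrupt" error above does not say which line is at fault. The rules it enforces (entries start with `:`, parentheses balance, `:begin_x`/`:end` names pair up) are assumptions inferred from the layout of the file posted in the question, and `lint_scv` and `SAMPLE_BAD` are hypothetical names.

```python
import re

# Constructed sample, modelled on the layout of the file posted above;
# it is deliberately broken so the linter has something to report.
SAMPLE_BAD = """(SCVObject
    :SCVNames (
        : (OsMonitor
            :type (plugin)
            :parameters (
                :begin_or (or1)
                os_build_number_10 (0)
                :end (and1)
            )
        )
    )
"""

BLOCK = re.compile(r":(begin_\w+|end)\s*\((\w+)\)")

def lint_scv(text):
    """Return (line_no, message) findings; rules are assumed, see lead-in."""
    findings, depth, blocks = [], 0, []
    lines = text.splitlines()
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        # Assumed rule: every entry starts with ':'; bare parens are exempt.
        if line[0] not in ":()":
            findings.append((no, "entry does not start with ':'"))
        m = BLOCK.match(line)
        if m and m.group(1) != "end":
            blocks.append((m.group(2), no))          # remember the open block
        elif m and blocks and blocks[-1][0] == m.group(2):
            blocks.pop()                             # matching :end
        elif m:
            findings.append((no, f":end ({m.group(2)}) closes no open block"))
        # Ignore parentheses inside double-quoted message strings.
        bare = re.sub(r'"[^"]*"', '""', line)
        depth += bare.count("(") - bare.count(")")
        if depth < 0:
            findings.append((no, "unexpected ')'"))
            depth = 0
    findings += [(no, f":begin ({name}) never closed") for name, no in blocks]
    if depth:
        findings.append((len(lines), f"{depth} unclosed '('"))
    return findings
```

Calling `lint_scv(open(path).read())` on a copy of the edited file returns an empty list when none of the assumed rules are violated; that does not guarantee the management server will accept the file.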
