Checkpoint R55 SecuRemote "SCV" Checks

#0
03.11.2005, 07:53
...new here

Posts: 4
#1 Hi there,

has anyone perhaps already enabled the SCV checks on the Checkpoint R55 SecuRemote management server and knows a bit about them?

I took over an infrastructure from a colleague, with a 3-gateway cluster and 2 management servers.
He has left the company and assured me that the SCV checks on the clients verify whether the required virus scanner is present on the clients.
In addition, the virus pattern versions are supposed to be checked against the current date.

I took a closer look at the file and now fear that nothing here is right at all, and I could use some support.

Could someone who knows about this take a look ;-)

I'm grateful for any kind of help................

Quote

[root@muc-mgmt-p1-2:/opt/CPmds-R55/customers/Internet_MUC/CPfw1-R55/conf]% more local.scv
(SCVObject
:SCVNames (
: (user_policy_scv
:type (plugin)
:parameters (
)
)
: (BrowserMonitor
:type (plugin)
:parameters (
:browser_major_version (5)
:browser_minor_version (0)
:browser_version_operand (">=")
:browser_version_mismatchmassage ("Die VPN Einwahl setzt eine aktuelle Browserversion vorraus. ")
)
)
: (OsMonitor
:type (plugin)
:parameters (
:os_version_mismatchmessage ("Die VPN Einwahl setzt eine aktuelle Betriebssystem Version vorraus. ")
:enforce_screen_saver_minutes_to_activate (0)
:screen_saver_mismatchmessage ("Die VPN Einwahl setzt einen aktiven Bildschirmschoner-Passwortschutz vorraus. ")
:send_log (log)
:major_os_version_number_9x (4)
:minor_os_version_number_9x (10)
:os_version_operand_9x (">=")
:service_pack_major_version_number_9x (0)
:service_pack_minor_version_number_9x (0)
:service_pack_version_operand_9x (">=")
:major_os_version_number_nt (4)
:minor_os_version_number_nt (0)
:os_version_operand_nt ("==")
:service_pack_major_version_number_nt (5)
:service_pack_minor_version_number_nt (0)
:service_pack_version_operand_nt (">=")
:major_os_version_number_2k (5)
:minor_os_version_number_2k (0)
:os_version_operand_2k ("==")
:service_pack_major_version_number_2k (0)
:service_pack_minor_version_number_2k (0)
:service_pack_version_operand_2k (">=")
:major_os_version_number_xp (5)
:minor_os_version_number_xp (1)
:os_version_operand_xp ("==")
:service_pack_major_version_number_xp (0)
:service_pack_minor_version_number_xp (0)
:service_pack_version_operand_xp (">=")
)
)
: (ProcessMonitor
:type (plugin)
:parameters (
:begin_or (or1)
:SAVScan.exe (true)
:navapsvc.exe (true)
:mcshield.exe (true)
:Rtvscan.exe (true)
:InoRT.exe (true)
:SWEEPSRV.SYS (true)
:AVGUARD.EXE (true)
:avgcc.exe (true)
:pccntmon.exe (true)
:avkwctl.exe (true)
:end (or1)
:trojan.exe (false)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Die VPN Einwahl setzt eine spezifische Antivirensoftware vorraus! ")
:end (admin)
)
)
: (groupmonitor
:type (plugin)
:parameters (
:begin_or (or1)
:begin_and (1)
:"builtin\administrator" (false)
:"BUILTIN\Users" (true)
:end (1)
:begin_and (2)
:"builtin\administrator" (true)
:"BUILTIN\Users" (false)
:end (and2)
:end (or1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("You are using SecureClient with a non-authorized user.\nMake sure you are logged on as an authorized user.")
:securely_configured_no_active_user (false)
:end (admin)
)
)
: (HotFixMonitor
:type (plugin)
:parameters (
:147222 (true)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Die VPN Einwahl setzt eine spezifische HotFix Version vorraus.")
:end (admin)
)
)
: (AntiVirusMonitor
:type (plugin)
:parameters (
:type ("Norton")
:Signature (">=20030819")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Die VPN Einwahl setzt eine neue Antiviren Signatur vorraus (verwenden Sie bspw. die LiveUpdate Option).")
:end (admin)
)
)
: (HWMonitor
:type (plugin)
:parameters (
:cputype ("GenuineIntel")
:cpumodel ("9")
:cpufamily ("6")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your machine must have an\nIntel(R) Centrino(TM) processor installed.")
:end (admin)
)
)
: (ScriptRun
:type (plugin)
:parameters (
:exe ("VerifyScript.bat")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Verification script has determined that your configuration does not meet policy requirements.")
:end (admin)
)
)
: (RegMonitor
:type (plugin)
:parameters (
:value ("Software\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternVer>=414")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
:end (admin)
)
)
: (SCVMonitor
:type (plugin)
:parameters (
:scv_version ("54014")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Die VPN Einwahl setzt eine bestimmte SCV Produktversion vorraus! ")
:end (admin)
)
)
: (sc_ver_scv
:type (plugin)
:parameters (
:Default_SecureClientBuildNumber (52032)
:Default_EnforceBuildOperand ("==")
:MismatchMessage ("Die VPN Anbindung setzt eine aktuelle SecureClient Version vorraus! ")
:EnforceBuild_9X_Operand (">=")
:SecureClient_9X_BuildNumber (52030)
:EnforceBuild_NT_Operand ("==")
:SecureClient_NT_BuildNumber (52032)
:EnforceBuild_2K_Operand (">=")
:SecureClient_2K_BuildNumber (52032)
:EnforceBuild_XP_Operand (">=")
:SecureClient_XP_BuildNumber (52032)
)
)
)
:SCVPolicy (
: (BrowserMonitor)
: (ProcessMonitor)
: (OsMonitor)
: (HotFixMonitor)
)
:SCVGlobalParams (
:enable_status_notifications (true)
:status_notifications_timeout (10)
:disconnect_when_not_verified (false)
:block_connections_on_unverified (true)
:scv_policy_timeout_hours (168)
:enforce_ip_forwarding (false)
:not_verified_script ("")
:not_verified_script_run_show (false)
:not_verified_script_run_admin (false)
:not_verified_script_run_always (false)
)
)
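
An added example, not part of the original post and not Check Point code: in this file format the checks are defined under `:SCVNames`, but only those listed under `:SCVPolicy` are enforced on the client, so the sketch below parses a `local.scv` and reports which defined checks are missing from the policy list. The function names and the shortened sample input are constructed for illustration.

```python
import re

# Constructed, shortened excerpt in the layout of the local.scv posted above.
SAMPLE = r'''(SCVObject
 :SCVNames (
  : (ProcessMonitor :type (plugin) :parameters (:begin_or (or1) :Rtvscan.exe (true) :end (or1)))
  : (AntiVirusMonitor :type (plugin) :parameters (:type ("Norton") :Signature (">=20030819")))
  : (RegMonitor :type (plugin) :parameters (:value ("Software\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternVer>=414")))
 )
 :SCVPolicy ( : (ProcessMonitor) )
)'''

# Quoted strings first, so parentheses inside messages are not treated as structure.
TOKEN = re.compile(r'"[^"]*"|[()]|[^\s()]+')

def parse(text):
    """Parse the parenthesised format into nested lists of atoms."""
    root = []
    stack = [root]
    for tok in TOKEN.findall(text):
        if tok == "(":
            stack[-1].append([])
            stack.append(stack[-1][-1])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack.pop()
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return root[0]  # the (SCVObject ...) group

def check_names(obj, key):
    # Names of the ": (Name ...)" entries in the group that follows `key`.
    for i, item in enumerate(obj[:-1]):
        if item == key and isinstance(obj[i + 1], list):
            return [g[0] for g in obj[i + 1] if isinstance(g, list) and g]
    return []

def audit(text):
    """Compare checks defined in SCVNames with those listed in SCVPolicy."""
    obj = parse(text)
    defined, enforced = check_names(obj, ":SCVNames"), check_names(obj, ":SCVPolicy")
    return {
        "enforced": enforced,
        "defined_only": [n for n in defined if n not in enforced],
        "undefined": [n for n in enforced if n not in defined],
    }
```

In the file posted above, `:SCVPolicy` lists BrowserMonitor, ProcessMonitor, OsMonitor and HotFixMonitor, so `audit()` on that file would place every other defined check, including AntiVirusMonitor and RegMonitor, under `defined_only`.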