Search found 81 matches

by gunnar
Mon Apr 08, 2013 9:53 am
Forum: Secutor Prime Support
Topic: Windows 8, IE10
Replies: 2
Views: 9023

Re: Windows 8, IE10

Sadly, no, we have not yet seen any guidance for Windows 8 that can be turned into a benchmark, let alone an actual USGCB benchmark. You can certainly use the Advanced interface for Secutor Prime to bypass the CPE check and force the existing Windows 7 benchmark to be run against a Windows 8 asset. ...
by gunnar
Fri Aug 31, 2012 9:19 am
Forum: Secutor Prime Support
Topic: Creating a scan template
Replies: 5
Views: 8947

The Server 2008 benchmarks each have multiple profiles. Each profile represents a different compliance role, so within the benchmark you can pick the one that best matches your need. The profile titled "MAC-1_Classified" (Mission Critical Classified) is probably closest to SSLF, but we are...
by gunnar
Thu Aug 30, 2012 12:50 pm
Forum: Secutor Prime Support
Topic: Creating a scan template
Replies: 5
Views: 8947

Groovy. Let us know if that works out for you.
by gunnar
Tue Aug 28, 2012 4:23 pm
Forum: Secutor Prime Support
Topic: Creating a scan template
Replies: 5
Views: 8947

It sounds like what you are looking for is to create a Deviation Profile. This can only be created when Secutor Prime is in the "Advanced" interface style (Tools --> Interface Style --> Advanced). Once you have a sample machine locked down as close as your local policies allow, you can cre...
by gunnar
Mon Mar 12, 2012 12:13 pm
Forum: Secutor Prime Support
Topic: Moving Secutor from Windows to Linux, licensing question
Replies: 1
Views: 4903

Secutor Prime, Prime Pro, and Prime MD licenses are all for use as a single installed instance. If you remove a copy of Prime from a machine and the license is still valid, you can use that same license on a different install regardless of the operating system. The Auditor version of Secutor Prime h...
by gunnar
Wed Nov 16, 2011 10:41 am
Forum: Secutor Prime Support
Topic: Configuration audit a passive scan?
Replies: 1
Views: 5763

Secutor Prime strictly follows the SCAP specifications in that retrieves the information needed to determine every rule status via the means dictated by the driving benchmark. These benchmarks are peer-reviewed by the participants in the SCAP community to be definitive, accurate and safe. Part of th...
by gunnar
Thu Sep 22, 2011 11:52 am
Forum: Secutor Prime Support
Topic: File Permission Settings not getting remediated
Replies: 1
Views: 5235

Thanks for pointing this out. We had originally chosen not to override the inheritance flag when remediating file permissions, but we went ahead and implemented that in the latest Prime update, which was made available on September 15.
by gunnar
Fri Jun 17, 2011 9:36 am
Forum: Secutor Prime Support
Topic: Logon Fails SMB authentication
Replies: 3
Views: 7165

For purposes of Windows Firewall exceptions the predefined exception "File and Printer Sharing" covers it. For purposes of other intervening firewalls the preferred SMB port is TCP 445. Secutor Prime does a remote probe and only the services that are open will show up as green on the logon...
by gunnar
Thu Jun 16, 2011 11:30 am
Forum: Secutor Prime Support
Topic: Logon Fails SMB authentication
Replies: 3
Views: 7165

The underscore character is actually there, it just gets cropped at the bottom of the text box and is not visible. It's safe to ignore that as a possible cause. RDP uses a different port than is used for remote assessments. It's a good test to show that the account/password you are using do in fact ...
by gunnar
Thu Jun 16, 2011 11:15 am
Forum: Secutor Prime Support
Topic: Remote FDCC scan of Win XP SP3 machine
Replies: 1
Views: 5404

First, you should not need to manually select the benchmark when performing an assessment. Secutor Prime will automatically perform the CPE checks associated with each possible benchmark and present you with a list of benchmarks that apply to the target machine. When Secutor Prime is used in Simple ...
by gunnar
Thu May 12, 2011 2:31 pm
Forum: Secutor Prime Support
Topic: False positive in USGCB - Windows 7 scan
Replies: 9
Views: 15261

A new update for Secutor Prime has now been posted live that addresses this (build 4003).
by gunnar
Fri Apr 22, 2011 11:11 am
Forum: Secutor Prime Support
Topic: False positive in USGCB - Windows 7 scan
Replies: 9
Views: 15261

Thanks, that confirms that the results you are seeing match what we are finding -- namely that the value the benchmark uses to determine pass/fail is not the same as what the test returns. After a careful review of the SCAP specifications we think we can make a programmatic fix to this that is legal...
by gunnar
Wed Apr 20, 2011 11:27 am
Forum: Secutor Prime Support
Topic: False positive in USGCB - Windows 7 scan
Replies: 9
Views: 15261

This looks like a simple case of the originating benchmark specifying a comparative value that doesn't match the output of the test. The test that determines this value is a WMI query against the RSOP namespace that returns a value of either "True" or "False". However, the benchm...
by gunnar
Wed Apr 20, 2011 9:51 am
Forum: Secutor Prime Support
Topic: False positive in USGCB - Windows 7 scan
Replies: 9
Views: 15261

Thanks, all of that information is helpful. That gives us a couple of data points to try to track down what is going on. One other thing that could prove very helpful is to be able to see the OVAL notes produced when Secutor Prime is evaluating this rule. If you'd rather not have that posted to a pu...
by gunnar
Tue Apr 19, 2011 2:00 pm
Forum: Secutor Prime Support
Topic: False positive in USGCB - Windows 7 scan
Replies: 9
Views: 15261

That is curious. BTW, I should have included it in the previous post, but as of right now the current version of Secutor Prime is Version 4 build 4002. That version has the SID/Name test in it. Here's one other thing that's worth a try. Run the command secedit.exe /export /quiet /cfg <FILENAME> This...

Go to advanced search