Unable to map a drive in Windows XP after ThreatGuard Secuto

General support questions for the Secutor Prime product.
ovilomar
Posts: 3
Joined: Mon Apr 07, 2008 12:37 pm

Postby ovilomar » Mon Apr 07, 2008 12:50 pm

One of my users just installed ThreatGuard Secutor Prime on his laptop. Now he is unable to authenticate through one of his mapped drives to an FTP server. He used to access and log in fine before the install. Can anyone provide me with a possible solution? Thanks

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Mon Apr 07, 2008 1:47 pm

Simply installing Secutor Prime or running assessments with it will not make any changes to the computer. Only the licensed version of Secutor Prime can make changes.

You can undo any changes by using the Restore System command from under the Tools menu.

If your user is not using a licensed version of Secutor Prime then this change will not have been caused by Secutor Prime.

ovilomar
Posts: 3
Joined: Mon Apr 07, 2008 12:37 pm

Postby ovilomar » Mon Apr 07, 2008 2:42 pm

This is a licensed version of ThreatGuard, and a handful of users have been asked to test before we roll out this product to several other people in the company. I asked the question thinking that some security measure within ThreatGuard might consider an external connection a red flag and disable a particular protocol or functionality of Windows. If I understood correctly, you have suggested that nothing has changed after the installation and that it can be uninstalled at any time. Am I correct? Any other suggestion? Thanks

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Mon Apr 07, 2008 6:12 pm

Secutor Prime products do not have any features inherent to the product that preclude remote connections. The software doesn't provide active security like a firewall or IPS.

Which version of Secutor Prime do you have (the logo on the product will tell you)?

Secutor Prime Standard and Professional can remediate items on the local system that are found to be out of compliance with the settings defined in the SCAP content from NIST. This content and the settings are explained in the FDCC checklist section of NIST's National Vulnerability Database (NVD) website (nvd.nist.gov).

If a user pressed "fix" in Secutor Prime, every configuration item that was found out of compliance would be put into compliance. If you review the NIST documentation at the link above, there are a variety of settings that could hinder remote connections (Lanman authentication being set to "5" and Microsoft Network client (or server): Digitally sign communications (always) are two examples). That is why we suggest users modify a single setting at a time to ensure they don't break their system (and of course test on a non-operational system).

If changes have been made, don't uninstall Prime until you undo those changes. Otherwise you'll be stuck trying to track and restore what changed by hand.
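
The two settings named in the post above, as an added example that is not part of the original thread and not Secutor Prime's own code: a read-only PowerShell report of the registry values behind them. The registry paths are the standard Windows locations for these policies; the script assumes PowerShell 2.0 or later is installed, and the function and variable names are illustrative.

```powershell
# Added example (not from the thread): read-only report on the two settings named above.
# Flag = the hardened value the post describes; nothing here changes the system.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Setting = 'LAN Manager authentication level'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name    = 'LmCompatibilityLevel'
       Flag    = 5
       Effect  = 'Sends NTLMv2 only; refuses LM and NTLM' },
    @{ Setting = 'Microsoft network client: Digitally sign communications (always)'
       Path    = "$lanman\LanmanWorkstation\Parameters"
       Name    = 'RequireSecuritySignature'
       Flag    = 1
       Effect  = 'Client refuses SMB servers that cannot sign' },
    @{ Setting = 'Microsoft network server: Digitally sign communications (always)'
       Path    = "$lanman\LanmanServer\Parameters"
       Name    = 'RequireSecuritySignature'
       Flag    = 1
       Effect  = 'Server refuses SMB clients that cannot sign' }
)

function Get-SettingState {
    param([hashtable]$Check)
    # A missing key or value means the policy was never written; report it as 'not set'.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $current = $null
    if ($item) { $current = $item.($Check.Name) }
    $state = 'not set'
    if ($null -ne $current) {
        if ($current -eq $Check.Flag) { $state = 'HARDENED' } else { $state = 'relaxed' }
    }
    New-Object PSObject -Property @{
        Setting = $Check.Setting; Current = $current; State = $state; Effect = $Check.Effect
    }
}

$checks | ForEach-Object { Get-SettingState $_ } |
    Select-Object Setting, Current, State, Effect | Format-Table -AutoSize -Wrap
```

Running it before and after remediating a single item shows which of these values that item changed.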

ovilomar
Posts: 3
Joined: Mon Apr 07, 2008 12:37 pm

Postby ovilomar » Tue Apr 08, 2008 9:10 am

I was able to follow one of your pieces of advice. We used the Restore System option within Secutor Prime and it brought back the original Windows registry settings. After the reboot, the user was able to map the network drive again. I asked the user to re-apply the Fix again and reboot, and he was able to map the network drive. It appears something went wrong during the process. Thank you very much for your assistance on this. It is good to know that there is a backdoor to reverse any changes made by this product.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Tue Apr 08, 2008 10:44 am

Glad to hear you are back to working again.

This is probably nothing new to you, but I'll give a little more detail for others dealing with similar issues:

Prime is set up so you can selectively choose which items you are going to remediate, and you can undo a single item or all changes. We did this so that administrators like yourself can easily find which FDCC rules you can comply with and which have an adverse effect within your network.

For those items that cannot be made to comply with the FDCC, Prime also has a deviation profiler that captures the justification for the deviation, POAM information (if used), etc. This deviation information is saved and can then be applied every time an assessment is run so those accepted deviations are no longer scored against you.

The deviation information can also be imported into our enterprise compliance management tool Secutor Magnus, and licensed users of the Professional version of Secutor Prime can also use the deviation information to generate the FDCC report required by the OMB mandate.
