Win 7 Scan

General support questions for the Secutor Prime product.
john_oregon
Posts: 3
Joined: Thu Feb 04, 2010 8:40 am

Win 7 Scan

Postby john_oregon » Fri Feb 05, 2010 10:31 am

In the absence of Win 7 FDCC guidance, I wanted to run the Vista scan against Windows 7. I was having difficulty getting a higher pass rate.

What I found is that if I tell Secutor Prime to "fix" all the findings, then rescan, the number of findings is the same; there is still a red X in most of the checks. Also, the information on the "Findings" tab shows the current registry value.

It appears that the scanning engine is looking at the fact that the OS is not Vista and failing these settings.

Question: Is there any way to have Secutor Prime accurately show that the setting is correct, independent of the operating system?

Thanks.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Tue Feb 09, 2010 1:36 pm

You are correct, the scanning engine is failing the settings because Windows 7 is not Vista.

However, it's not Secutor Prime that is driving this behavior, but the benchmark itself. Part of each rule in the Vista benchmark (for that matter, all XCCDF content from NIST) is to check the OS of the machine being tested, with a fail result being reported if the machine is not running the OS that the test was written for.

In all likelihood a benchmark for Windows 7 will soon be available from NIST, which we will also then make available via the Secutor Prime auto update.

If you prefer to not wait for an official Windows 7 benchmark from NIST, please contact us directly via email at

Support@ThreatGuard.com

for other options.
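The behaviour described in the post above, as an added example that is not part of the original thread and is not Secutor Prime or NIST code: a rule whose setting check is ANDed with an OS check reports a fail on Windows 7 even after the registry value has been remediated. The definition XML, the registry path, the test names and the host facts are all constructed and simplified for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified OVAL-style definition (not NIST content): the
# setting check is ANDed with an OS check, as the post above describes.
DEFINITION = """
<definition id="example:def:1">
  <criteria operator="AND">
    <criterion test_ref="os_is_vista" comment="Windows Vista is installed"/>
    <criterion test_ref="reg_setting" comment="Registry value matches policy"/>
  </criteria>
</definition>
"""

REG_KEY = r"HKLM\SOFTWARE\Example\Policy\ExampleSetting"  # placeholder path

# Hypothetical test implementations, keyed by test_ref.
TESTS = {
    "os_is_vista": lambda host: host["os"] == "Windows Vista",
    "reg_setting": lambda host: host["registry"].get(REG_KEY) == 1,
}

# Constructed host facts: the same remediated registry value on two OSes.
WIN7_FIXED = {"os": "Windows 7", "registry": {REG_KEY: 1}}
VISTA_FIXED = {"os": "Windows Vista", "registry": {REG_KEY: 1}}


def evaluate(node, host, trace):
    """Evaluate a criteria tree, recording every criterion's own result."""
    if node.tag == "criterion":
        ok = TESTS[node.get("test_ref")](host)
        trace.append((node.get("comment"), ok))
        return ok
    # No short-circuit, so the trace shows which criterion caused the failure.
    results = [evaluate(child, host, trace) for child in node]
    return all(results) if node.get("operator", "AND") == "AND" else any(results)


def scan(host):
    """Return (rule result, per-criterion trace) for one host."""
    trace = []
    criteria = ET.fromstring(DEFINITION).find("criteria")
    return ("pass" if evaluate(criteria, host, trace) else "fail"), trace


if __name__ == "__main__":
    for name, host in (("Windows 7", WIN7_FIXED), ("Vista", VISTA_FIXED)):
        result, trace = scan(host)
        print(name, result, trace)
```

The per-criterion trace is what separates a setting that is actually wrong from a rule that fails only on its platform check.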

john_oregon
Posts: 3
Joined: Thu Feb 04, 2010 8:40 am

Postby john_oregon » Fri Feb 12, 2010 1:57 pm

bump

I sent an email to support@threatguard.com a few days ago but have not received a reply. Is the "workaround" that was suggested in your previous post something you can post in this forum?

Thanks for the help.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Fri Feb 12, 2010 7:51 pm

I saw your message and sent a response shortly after. I will re-send a copy, but check your spam filter just to be sure.

Avoch26

Re: Win 7 Scan

Postby Avoch26 » Sat May 01, 2010 7:57 am

john your working is too good

jhartig
Posts: 2
Joined: Tue Jan 06, 2009 10:36 am

Beta WIN7 SCAP files

Postby jhartig » Wed May 05, 2010 1:55 pm

Check out the latest gov't initiative ... The United States Government Configuration Baseline (USGCB)

http://usgcb.nist.gov/index.html
J Hartig

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Wed May 05, 2010 2:13 pm

An update for Secutor Prime will be available later today that addresses some issues that turned up during the validation of the Windows 7 content.

This update is primarily to address application stability issues that showed up under certain conditions.

Note that the USGCB content is separated into benchmarks targeted specifically at 32-bit and 64-bit hardware -- be sure you are using the correct benchmark for your hardware.

Also note that an assessment against a 64-bit OS running on 64-bit hardware will only accurately reflect the operational status of that machine if the assessment is performed by a 64-bit application. Instructions for getting Secutor Prime to run in 64-bit mode can be found in this post:

http://forums.threatguard.com/viewtopic.php?t=40

Now that 64-bit platforms are being specifically addressed, we will soon be releasing a version of Secutor Prime (and other products) that works more seamlessly on those systems.

john_oregon
Posts: 3
Joined: Thu Feb 04, 2010 8:40 am

New Content?

Postby john_oregon » Tue May 18, 2010 12:22 pm

Gunnar, is there any new Windows 7 XCCDF (64-bit) content available for download?

Thanks

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Tue May 18, 2010 12:56 pm

The USGCB site has Windows 7, Windows 7 firewall, and IE8 content available for download:

http://usgcb.nist.gov/usgcb_content.html

The content is broken out into 32- and 64-bit versions for Windows 7 and Windows 7 Firewall -- the IE8 content should apply to either version.

This content is not an official release yet -- NIST is labeling it as alpha. However, having had a chance to look through it thoroughly, I find the quality of it to be very high.

This content will work fine with the current release of Secutor Prime (build 3018). We are also within a couple of days of releasing another update to Secutor Prime that will make dealing with 32/64-bit assessments much easier.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Wed May 19, 2010 6:38 am

That's really not a good idea. The Vista content was written specifically to implement the security guidance for the Vista OS and does not necessarily match the guidance for any other platform, which is why the content author explicitly set each test to only be valid when the target is Vista.

And as it turns out, the Windows 7 guidance does *not* exactly match the Vista guidance.

If your customer is requiring FDCC scanning of Windows 7, let them know that FDCC is being replaced by USGCB (basically it's the same thing, but with a different name). More information on that is available from

http://usgcb.nist.gov/

including content written specifically for Windows 7, IE8, and Windows 7 firewall.

