Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036625 - Firewall/Antivirus columns in UI do not update and Firewall_Disabled.sql/Antivirus_Disabled.sql IIOC does not trigger in RSA NetWitness Endpoint

Document created by RSA Customer Support

on Aug 24, 2018

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036625
Applies To	RSA Product Set: NetWitness Endpoint RSA Product/Service Type: NetWitness Endpoint RSA Version/Condition: 4.3.x, 4.4.x Platform: Windows
Issue	There are two issues covered here: The Antivirus column and Firewall columns do not update in the UI. The Firewall_Disabled.sql IIOC will never trigger due to the agent not sending any updates on the status of the firewall as a consequence of the first issue.
Cause	This is due to the regkeys being queried being outdated and only applying to Windows XP and optionally to Vista. Since Security Center in Microsoft is spottily enforced, verifying firewall and antivirus functionality is inconsistent across operating systems and security vendors in the registry.
Resolution	Currently there is no resolution to this issue in 4.4 and 4.3; the feature, while technically a defect, is not being modified or fixed until 11.3 at the earliest. Some valid registry keys of note for reference only: \SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY \SERVICES\MPSSVC* \SOFTWARE\MICROSOFT\SECURITY CENTER
Workaround	There is no workaround other than to ignore this feature until it is remediated in the future, possible 11.3

Attachments

Outcomes

0 Comments

Recommended Content