Support Center > Search Results > SecureKnowledge Details
How to modify a registry entry or replace/install a file on Endpoint Security Client using the Compliance Blade Technical Level
Solution

Introduction

The Endpoint Security Compliance Blade contains two new enhancement features. The new features let you modify the registry entries that do not comply with system policy, and add/replace missing or incorrect files on the client computer.

Registry modification enhancement

  1. Create a rule that checks a specific registry entry in the policy.

  2. Select the Action that has to be performed before the test.

    ADD - Adds the value when the value does not exist

    REMOVE - Removes the existing value

    REPLACE - Replaces the existing value

    UPDATE - Adds the value even if it exists (acts as ADD or REPLACE)

  3. Specify the type of the entry.

    REG_SZ for strings and REG_DWORD for numbers.

  4. Modify the Registry Value Name entry. Add Action and Value type, separated by spaces before the key path. For example:
    UPDATE REG_DWORD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\EndPoint Security\LCID

  5. Save and install the policy.

  6. After the policy is deployed to the client and Compliance performs rules validation, the requested entry will be modified.

File modification enhancement

This enhancement lets you add or replace the file on the client computer.

  1. Create a rule that checks that the correct file already exists on the target computer. If you want to install a new file, it could be a simple "File exists" rule. If you need to replace an existing file, it is recommended to use MD5 hash validation.

  2. Create a Run File Remediation.

  3. In the Download Path entry, you must specify a full path for the downloaded file, including hardcoded name EPComplianceRemediationFile.bat. This name cannot be changed. It will force the enhancement to work.
    %PUBLIC%\EPComplianceRemediationFile.bat
        
  4. In the URL entry, you must specify the file to be copied to the target system. If the file is not bat or exe, it will not be shown in the Browse dialog, and you will have to copy its name into the URL field directly.
    File://C:\Users\admin.VART\Desktop\561992C9.key
        
  5. In the Parameters entry, write MOVE and after a space, the full path including the real file name on the target system, where the file has to be installed.
  6. MOVE C:\Program Files (x86)\CheckPoint\Endpoint Security\Anti-Malware\Avsys\license\561992C9.key
     
  7. Associate the created remediation action with the rule, and change the Action to Restrict to force remediation execution in the event of a rule check failure.

  8. Save and install the policy.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment