Support Center > Search Results > SecureKnowledge Details
How to modify registry entry or replace/install file on Endpoint Security Client using Compliance Blade
Solution

Introduction

The Endpoint Security Compliance Blade contains two new enhancement features allowing modification of the registry entries that do not comply with system policy, and adding/replacing missing or incorrect files on the client computer.

Registry modification enhancement

  1. First, you have to create a rule that checks a specific registry entry in the policy.

  2. Select the Action that has to be performed before the test

    ADD - When the value does not exist - adds it.

    REMOVE - Removes the existing value.

    REPLACE - Replaces existing value.

    UPDATE - Adds the value even if it exists (acts as ADD or REPLACE)

  3. Specify the type of the entry

    REG_SZ for strings and REG_DWORD for numbers.

  4. Modify the "Registry Value Name" entry adding Action and Value type, separated by spaces before the key path. For example:
    UPDATE REG_DWORD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\EndPoint Security\LCID

  5. Save and install the policy.
  6. After the policy is deployed to the client and Compliance performs rules validation, the requested entry will be modified.

File modification enhancement

This enhancement allows you to add or replace the file on the client computer.

  1. First, create a rule that checks that the correct file already exists on the target computer. If you want to install a new file, it could be a simple "File exists" rule. If you need to replace an existing file, it is recommended to use MD5 hash validation.

  2. Create a Run File remediation.

  3. In the "Download Path", you MUST specify a full path for the downloaded file, including hardcoded name EPComplianceRemediationFile.bat. This name cannot be changed – it will force the enhancement to work.
    %PUBLIC%\EPComplianceRemediationFile.bat
        
  4. In the URL, you have to specify the file to be copied to the target system. If the file is not bat or exe, it will not be shown in the Browse dialog, and you have to copy its name into the URL field directly.
    File://C:\Users\admin.VART\Desktop\561992C9.key
        
  5. In the Parameters entry, write MOVE and after a space, the full path including the real file name on the target system, where the file has to be installed.
  6. MOVE C:\Program Files (x86)\CheckPoint\Endpoint Security\Anti-Malware\Avsys\license\561992C9.key
        
  7. Associate the created remediation action with the rule, and change the Action to Restrict to force remediation execution in case of rule check failure.

  8. Save and install the policy.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment