How to enforce a Check Point SCV (Secure Configuration Verification) check using the local.scv file
Solution

This article describes how to configure SCV (Secure Configuration Verification). In the example, Norton Anti-Virus is used.

  1. Obtain the names of the Anti-Virus program's .exe files. In this example, for Norton Anti-Virus, the file names are:

    • defwatch.exe
    • rtvscan.exe
  2. On the Security Management Server or Domain Management Server that manages the Security Gateway:

    1. Connect to the command line on Security Management Server or Multi-Domain Security Management Server.

    2. Log in to Expert mode.
    3. On a Multi-Domain Security Management Server, switch to the context of the Domain Management Server. Run:

      [Expert@HostName]# mdsenv <Domain_Name>
    4. Back up the $FWDIR/conf/local.scv file. Run:

      [Expert@HostName]# cp $FWDIR/conf/local.scv $FWDIR/conf/local.scv_ORIGINAL
    5. Edit the $FWDIR/conf/local.scv file:

      [Expert@HostName]# vi $FWDIR/conf/local.scv
    6. Modify the : (ProcessMonitor section:

      from
      : (ProcessMonitor
          :type (plugin)
          :parameters (
              :begin_or (or1)
                  :AntiVirus1.exe (true)
                  :AntiVirus2.exe (true)
              :end (or1)
              :IntrusionMonitor.exe (true)
              :ShareMyFiles.exe (false)
              :begin_admin (admin)
                  :send_log (alert)
                  :mismatchmessage ("Please check that the following processes are running:\n1. AntiVirus1.exe or AntiVirus2.exe\n2. IntrusionMonitor.exe\n\nPlease check that the following process is not running\n1. ShareMyFiles.exe")
              :end (admin)
          )
      )
      to (based on our example for Norton Anti-Virus)
      : (ProcessMonitor
          :type (plugin)
          :parameters (
              :begin_or (or1)
                  :defwatch.exe (true)
                  :rtvscan.exe (true)
              :end (or1)
              :IntrusionMonitor.exe (true)
              :ShareMyFiles.exe (false)
              :begin_admin (admin)
                  :send_log (alert)
                  :mismatchmessage ("Please check that the following processes are running:\n1. defwatch.exe or rtvscan.exe\n2. IntrusionMonitor.exe\n\nPlease check that the following process is not running\n1. ShareMyFiles.exe")
              :end (admin)
          )
      )
    7. Modify the :SCVPolicy section:

      from
      :SCVPolicy (
      )
      
      to
      :SCVPolicy (
        : (ProcessMonitor)
      )
      
      Note: This tells the unit to enforce the local.scv file, so the SCV check defined in the "ProcessMonitor" section is enforced. If the client does not have those processes running, the mismatch message is shown ("Please check that the following processes are running: ...") and the connection to the encryption domain is either blocked or accepted (see the following steps).
  3. In SmartDashboard, go to the Policy menu and click Global Properties > Remote Access > Secure Configuration Verification (SCV).

  4. In "Apply Secure Configuration Verification", select "Apply Secure Configuration Verification on Simplified mode Firewall Policies".

  5. In "Upon verification failure", select either "Block Client's connection" or "Accept and log client's connection".

  6. Configure the Simplified VPN mode rule base.

  7. Install the security policy and the desktop policy on the Security Gateway.
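
Because local.scv is edited by hand in vi, a dropped parenthesis or a forgotten :SCVPolicy entry is easy to miss before policy installation. The following script is an added example, not part of the original article and not Check Point tooling: `scv_lint` and `scv_sample` are hypothetical helper names, the sample input is constructed from the fragments above, and the check assumes double quotes inside the file are never escaped.

```bash
#!/bin/bash
# Added example, not Check Point tooling: lint a hand-edited local.scv.
# scv_lint FILE exits 0 only if parentheses balance (outside quoted strings)
# and the :SCVPolicy section lists ProcessMonitor.
scv_lint() {
    awk '
    /:SCVPolicy[ \t]*\(/ { in_policy = 1; policy_depth = depth }
    {
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") { in_quote = !in_quote; continue }
            if (in_quote) continue      # parentheses inside messages do not count
            if (c == "(") depth++
            if (c == ")" && --depth < 0) unbalanced = 1
        }
        if (in_policy && $0 ~ /:[ \t]*\(ProcessMonitor\)/) enforced = 1
        if (in_policy && depth <= policy_depth) in_policy = 0
    }
    END {
        if (unbalanced || depth != 0 || in_quote) { print "unbalanced parentheses or quotes"; exit 2 }
        if (!enforced) { print "ProcessMonitor is not listed in :SCVPolicy"; exit 3 }
        print "ok"
    }' "$1"
}
# Constructed sample built from the fragments in this article (not a full local.scv).
scv_sample() {
    cat <<'EOF'
: (ProcessMonitor
    :type (plugin)
    :parameters (
        :begin_or (or1)
            :defwatch.exe (true)
            :rtvscan.exe (true)
        :end (or1)
        :IntrusionMonitor.exe (true)
        :ShareMyFiles.exe (false)
        :begin_admin (admin)
            :send_log (alert)
            :mismatchmessage ("Check processes:\n1. defwatch.exe or rtvscan.exe")
        :end (admin)
    )
)
:SCVPolicy (
    : (ProcessMonitor)
)
EOF
}

scv_sample | scv_lint -    # prints "ok"
```

On the Management Server, the same function can be pointed at the edited file (`scv_lint $FWDIR/conf/local.scv`) after step 2 and before step 7; exit status 2 means unbalanced parentheses or quotes, and 3 means ProcessMonitor is not listed in :SCVPolicy.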

 

During desktop policy installation, the $FWDIR/conf/local.scv file is copied:

  • On the Management Server to the directory
    $FWDIR/state/<Name_of_GW_Object>/PS 
  • From the Management Server to the Security Gateway into the directory
    $FWDIR/state/local/PS/ 

The SecureClient gets a copy of this file after downloading the Topology.

Related Documents: Secure Configuration Verification (SCV) in the E80.72 and higher Remote Access Clients for Windows Administration Guide.

 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
