Check Objects
Each Compliance Action Rule contains a Check object that defines the actual file, process, value or condition that the Compliance component looks for.
To create a new or change an existing Check object:
- In the Checks column or in the manage objects in your toolbar, click the relevant Check object.
  Note: To edit the existing check object, click the existing check object.
  - Click New to create a new Check object.
- For System/Application/File Checks, fill in these fields.
  Option - Description
  Name - Unique name for this Check Object.
  Comment - Optional: Free text description.
  Operating System - Select the operating system that this Check object is enforced on.
  Registry value name - Enter the registry key.
    Enabled only if the Modify and check registry checkbox is selected.
    Note: To detect Log4j vulnerability, in the Registry value name field enter:
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security\Compliance\Log4jScan
    and in the Registry value field, enter 1.
    Applies only to Windows.
  Registry value - Enter the registry value to match.
    Enabled only if the Modify and check registry checkbox is selected.
    Applies only to Windows.
  Modify registry key and value - Select an action:
    - Add
    - Replace
    - Update
    - Remove
    Enabled only if the Modify and check registry checkbox is selected.
    Applies only to Windows.
  Reg type - Select a registry type:
    - REG_SZ
    - REG_DWORD
    Enabled only if the Modify and check registry checkbox is selected.
    Applies only to Windows.
  Check registry key and value - Select one of these options to enable the registry check or clear to disable it:
    - Registry key and value exist - Find the registry key and value.
      If the registry key exists, the endpoint computer is compliant for the required file.
    - Registry key and value do not exist - Make sure the registry key and value do not exist.
      If the key does not exist, the endpoint computer is compliant for an application that is prohibited.
  Check File - Select one of these options to check if an application is running or if a file exists:
    - File is running at all times - For example, make sure that client is always running.
    - File exists - For example, make sure that the user browsing history is always kept.
    - File is not running - For example, make sure that DivX is not used.
    - File does not exist - For example, make sure that a faulty DLL file is removed.
  File name - Enter the name of the file or executable to look for. To see if this file is running or not, enter the full name of the executable, including the extension (either .exe or .bat).
  File path - Enter the path without the file name.
    Select the Use environment variables of logged in user option to include paths defined in the system and user variables.
    Do not add the "\" character at the end of the path. macOS uses "/" and file PATH is case sensitive. For more information on macOS limitations, see sk110975.
  Check files Properties - Additional options to check for an existing or non-existing file.
  Match the file version - Make sure that a specific version or range of versions of the file or application complies with the file check.
  Match MD5 checksum - Find the file by the MD5 Checksum. Click Calculate to compare the checksum on the endpoint with the checksum on the server.
  File is not older than - Select this option and enter the maximum age, in days, of the target file. If the age is greater than the maximum age, the computer is considered to be compliant. This parameter can help detect recently installed, malicious files that are disguised as legitimate files.
  Check Domain - Enable Check domain in order to specify the domain. Select a domain:
    - Any Domain
    - Specific Domain
    Applies only to macOS.
  Domain Name - Enter the domain name if the specific domain is selected. Applies only to macOS.
- System Check can be grouped.
  - Require at least one check to succeed - At least one of the Checks must match in order for the Check to succeed.
  - Require all checks to succeed - All Checks must match in order for the Check to succeed.
  For the Group Check window, fill in these fields.
  Option - Description
  Name - Unique name for this Check Object.
  Comment - Optional: Free text description.
  Action - Select the action:
    - Require at least one check to succeed
    - Require all checks to succeed
  Check Objects - Name of the check object.
    Click + to add check objects to the table.
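The "File exists" / "File does not exist" checks, the MD5 match and the two group actions described above, modelled as a small Python sketch. This is an added example, not Check Point's code: the dict keys, function names and sample files are hypothetical, and it assumes that an MD5 set on a "File exists" check must match for that check to succeed.

```python
import hashlib
import os
import tempfile

def md5_of(path):  # chunked read; MD5 pins a known file but is not collision resistant
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def file_check(check):
    """Evaluate one file check (hypothetical dict layout); True means the check matched."""
    path = check["file_path"]
    if path.endswith(("\\", "/")):  # the page: no trailing separator on the path
        raise ValueError("file path must not end with a path separator")
    full = os.path.join(path, check["file_name"])
    present = os.path.isfile(full)
    if check["mode"] == "File does not exist":
        return not present
    if check["mode"] != "File exists":
        raise ValueError("mode not modelled here: " + check["mode"])
    expected = check.get("md5")
    # Assumption: with an MD5 set, the file must be present and hash to that value.
    return present and (expected is None or md5_of(full) == expected.lower())

def group_check(action, checks):
    """Combine file checks with one of the two group actions named on the page."""
    ops = {"Require all checks to succeed": all, "Require at least one check to succeed": any}
    if action not in ops:
        raise ValueError("unknown group action: " + action)
    return ops[action](file_check(c) for c in checks)

def demo():
    """Constructed sample: a required file is present, a prohibited file is absent."""
    with tempfile.TemporaryDirectory() as d:
        data = b"constructed sample content"
        with open(os.path.join(d, "agent.exe"), "wb") as fh:
            fh.write(data)
        required = {"mode": "File exists", "file_path": d,
                    "file_name": "agent.exe", "md5": hashlib.md5(data).hexdigest()}
        altered = dict(required, md5="0" * 32)  # same file, different expected hash
        banned = {"mode": "File does not exist", "file_path": d, "file_name": "faulty.dll"}
        return (group_check("Require all checks to succeed", [required, banned]),
                group_check("Require all checks to succeed", [altered, banned]),
                group_check("Require at least one check to succeed", [altered, banned]))

if __name__ == "__main__":
    print(demo())
```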