Compliance Check Objects

Each Compliance Action Rule contains a Check object that defines the actual file, process, value or condition that the Compliance component looks for.

To create a new or change an existing Check object:

  1. In the Checks column or in the Manage Objects section of the toolbar, click the relevant Check object.

    Note: To edit an existing Check object, click it.

  2. Click New to create a new Check object.

  3. For System/Application/File Checks, fill in these fields (Option - Description):

    Name
      Unique name for this Check object.

    Comment
      Optional: Free text description.

    Operating System
      Select the operating system that this Check object is enforced on.

    Registry value name
      Enter the registry key.
      Enabled only if the Modify and check registry checkbox is selected.
      To detect the Log4j vulnerability, in the Registry value name field enter HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security\Compliance\Log4jScan and in the Registry value field enter 1.
      Applies only to Windows.

    Registry value
      Enter the registry value to match.
      Enabled only if the Modify and check registry checkbox is selected.
      Applies only to Windows.

    Modify registry key and value
      Select an action:
      • Add
      • Replace
      • Update
      • Remove
      Enabled only if the Modify and check registry checkbox is selected.
      Applies only to Windows.

    Reg type
      Select a registry type:
      • REG_SZ
      • REG_DWORD
      Enabled only if the Modify and check registry checkbox is selected.
      Applies only to Windows.

    Check registry key and value
      Select one of these options to enable the registry check, or clear the checkbox to disable it:
      • Registry key and value exist - Find the registry key and value. If the registry key exists, the endpoint computer is compliant for the required file.
      • Registry key and value do not exist - Make sure the registry key and value do not exist. If the key does not exist, the endpoint computer is compliant for an application that is prohibited.

    Check File
      Select one of these options to check if an application is running or if a file exists:
      • File is running at all times - For example, make sure that the client is always running.
      • File exists - For example, make sure that the user browsing history is always kept.
      • File is not running - For example, make sure that DivX is not used.
      • File does not exist - For example, make sure that a faulty DLL file is removed.

    File name
      Enter the name of the file or executable to look for. To check whether this file is running, you must enter the full name of the executable, including the extension (either .exe or .bat).

    File path
      Enter the path without the file name.
      Select the Use environment variables of logged in user option to include paths defined in the system and user variables.
      Do not add the "\" character at the end of the path. macOS uses "/" and file paths are case sensitive. For more information on macOS limitations, see sk110975.

    Check File Properties
      Additional options to check for an existing or non-existing file.

    Match the file version
      Make sure that a specific version or range of versions of the file or application complies with the file check.

    Match MD5 checksum
      Find the file by its MD5 checksum. Click Calculate to compare the checksum on the endpoint with the checksum on the server.

    File is not older than
      Select this option and enter the maximum age, in days, of the target file. If the age is greater than the maximum age, the computer is considered to be compliant. This parameter can help detect recently installed, malicious files that are disguised as legitimate files.

    Check Domain
      Enable Check domain to specify the domain. Select a domain:
      • Any Domain
      • Specific Domain
      Applies only to macOS.

    Domain Name
      Enter the domain name if Specific Domain is selected. Applies only to macOS.
  4. System Checks can be grouped:

    • Require at least one check to succeed - At least one of the Checks must match for the group Check to succeed.

    • Require all checks to succeed - All Checks must match for the group Check to succeed.

    For the Group Check window, fill in these fields (Option - Description):

    Name
      Unique name for this Check object.

    Comment
      Optional: Free text description.

    Select the action:
      • Require at least one check to succeed
      • Require all checks to succeed

    Name of the check object. Click + to add Check objects to the table.
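As an added illustration (not Check Point's own code or API), the following Python model shows how a Check File object (File exists / File does not exist, with the Match MD5 checksum option) and a Group Check (Require all / Require at least one) evaluate against a constructed sample directory; the class and function names are hypothetical.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class FileCheck:
    """Hypothetical model of a 'Check File' object (not Check Point's own API)."""
    name: str
    file_name: str             # full name including extension, as the doc requires
    file_path: str             # directory only, no trailing separator
    must_exist: bool = True    # True = "File exists", False = "File does not exist"
    md5: Optional[str] = None  # "Match MD5 checksum"; only used when must_exist

    def evaluate(self) -> bool:
        path = os.path.join(self.file_path, self.file_name)
        exists = os.path.isfile(path)
        if not self.must_exist:              # prohibited file: compliant when absent
            return not exists
        if not exists or self.md5 is None:   # missing -> False; no checksum -> True
            return exists
        with open(path, "rb") as fh:         # required file must also match checksum
            return hashlib.md5(fh.read()).hexdigest().lower() == self.md5.lower()

def group_check(checks: List[FileCheck], require_all: bool) -> bool:
    """Group Check: 'Require all checks' (AND) or 'Require at least one' (OR)."""
    results = [c.evaluate() for c in checks]
    return all(results) if require_all else any(results)

def demo() -> dict:
    # Constructed sample: a temp directory holding one known file.
    folder = tempfile.mkdtemp()
    content = b"constructed sample agent binary"
    with open(os.path.join(folder, "agent.exe"), "wb") as fh:
        fh.write(content)
    required = FileCheck("agent present", "agent.exe", folder, True, hashlib.md5(content).hexdigest())
    tampered = FileCheck("agent unmodified", "agent.exe", folder, True, "0" * 32)
    banned = FileCheck("no DivX", "divx.exe", folder, False)
    group = [required, tampered, banned]
    return {
        "required": required.evaluate(),          # True: exists and checksum matches
        "tampered": tampered.evaluate(),          # False: checksum mismatch
        "banned": banned.evaluate(),              # True: prohibited file is absent
        "all": group_check(group, True),          # False: one check failed
        "any": group_check(group, False),         # True: at least one check passed
    }
```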