Security Solutions

3-128
Designing Access Controls
Finalize Security Policies
If so, you can activate the Windows Startup Registry Entries Allowed test.
Viruses, worms, and spyware often lurk in the “run” and “runOnce” keys
of the Windows registry (which dictate which applications run at startup).
You can create a list of valid entries for these keys. In other words, instead
of simply checking for known viruses and malware, the NAC 800 treats
every “run” and “runOnce” entry as malware unless it is explicitly listed
as allowed.
Caution: This test is a rather extreme measure. Altering the registry keys can cause
serious problems that might only be fixed by reinstalling the OS. These
problems can occur if your policy omits a necessary value—or even if the
policy is correct but a well-meaning user attempting to comply with the
policy deletes the wrong registry entry.
If, after carefully considering these risks, you decide to activate the test,
fill in every service and application allowed to run when an endpoint starts
up. Then list the services and applications in the correct format for your
NAC policy. The easiest valid format is the name of the key. For example,
“updater.” You can find keys by accessing the Windows registry and
looking in these folders, which the NAC 800 scans for this test:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
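To gather the entries before writing the policy, an administrator can enumerate the locations above on a representative endpoint and compare them against a draft allowlist. The following PowerShell script is an added example, not part of the NAC 800 guide or product; it assumes the guide's “name of the key” means the registry value name (such as “updater”), and the allowlist entries in it are constructed placeholders.

```powershell
# Added example (not from the NAC 800 guide): enumerate the startup registry
# locations the NAC 800 scans and report entries absent from an allowlist.
# Run in an elevated PowerShell session on the endpoint being audited.

# The seven locations listed in the guide, as PowerShell registry drive paths.
$StartupKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup'
)

# Constructed allowlist of value names (the "updater" style entry the guide
# describes). Replace with the entries your policy actually permits.
$Allowed = @('updater', 'SecurityHealth')

function Get-StartupEntries {
    foreach ($key in $StartupKeys) {
        # RunServices* and RunOnce\Setup are absent on many hosts; skip quietly.
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }       # skip the (Default) value
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
                Allowed = ($Allowed -contains $name)   # case-insensitive match
            }
        }
    }
}

$entries = Get-StartupEntries

# Entries that would fail the "Windows Startup Registry Entries Allowed" test
# under the allowlist above; review each one before adding it to the policy.
$entries | Where-Object { -not $_.Allowed } |
    Format-Table Key, Name, Command -AutoSize

# All value names seen, as a starting point for the policy's allowed list.
$entries | Select-Object -ExpandProperty Name -Unique | Sort-Object |
    Set-Content -Path '.\startup-allowlist-candidates.txt'
```

Note that the HKCU: paths reflect the account running the script, so audit each user profile that logs on to the endpoint, not only the administrator's.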