Symantec IT Risk and Compliance Product Group

 View Only
Expand all | Collapse all

R&A DWORD registry check - are errors normal when key/value does not exist?

  • 1.  R&A DWORD registry check - are errors normal when key/value does not exist?

    Posted Oct 10, 2012 07:38 PM

    Running 10.5.1 PCU 2011-4, Windows Server 2003 

    Getting errors in the Data  Collection "Failures" tab when a registry key/value does not exist. 

    Is this normal even when I have a precondition that should skip the check if it doesn't exist?

    Am I doing something wrong here?  Or is this normal to get errors when the registry key/value does not exist even though I specify a precondition where the check should be skipped?

    The Check Summary states the following (removing specific names of products, names, and value in the registry key)

    Precondition Text:
    [Is a Key? = 'true' Where Key/Value Name = 'HKLM\SOFTWARE' with Missing Data Outcome being 'Fail' and Multiple Data Operator being 'AND' ] AND [Is a Key? = 'true' Where Key/Value Name = 'HKLM\Software\yada\yada\yada' with Missing Data Outcome being 'Fail' and Multiple Data Operator being 'AND' ]

    Formula Text:
    [Value as DWORD >= 'actualvalue' Where Key/Value Name = 'HKLM\SOFTWARE\yada\yada\yada\yada' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ]

    Help?

    Aaron

     

     



  • 2.  RE: R&A DWORD registry check - are errors normal when key/value does not exist?

    Posted Oct 24, 2012 02:17 AM

    You may want to change your pre-condition to this:

    Key/Value Name = 'hklm\software\yada\yada\yada'  where Key/Value Name = 'hklm\software\yada\yada\yada'  and missing data outcome being "unknown" and Multiple data Operator being 'AND'

    I know that this seems redundant and it looks like you were trying to do this in your pre-condition, but it is a requirement so that you filter the list of possible key names to the one you are looking for.   You will need to verify the spelling and make sure you use HKLM instead o HKey_Local_Machine

    Hope this helps



  • 3.  RE: R&A DWORD registry check - are errors normal when key/value does not exist?

    Posted Dec 13, 2012 10:37 AM

    I've found registry paths to be case-sensitive in the check builder.