Configuring the vGW Series Introspection Registry Feature

The Security Design VM Introspection > Settings > vGW Application Settings > Registry Values feature includes a disk introspection enhancement that allows you to populate a value in the registry that you can then use in Compliance inspections and in Smart Groups. The Registry Values page displays a list of registry values that are scanned on VMs during the inspection process.

Before you use the Registry Values page to configure the registry introspection settings, you must be familiar with the Introspection module. For details, see Understanding the vGW Series Introspection Module and in particular the other topics identified in the Related Topics section of this topic.

This example assumes that you want vGW Series to scan for data in key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50.

  1. On the Introspection > Settings > vGW Application Settings > Registry Values page, configure a new registry key. See Figure 100.

    Figure 100: Configuring a New Registry Key

    Configuring a New Registry Key
    1. In the Name: field, enter Install Directory of AV.
    2. In the Key: field, enter HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50.

      Warning: The Key that you enter must begin with the prefix HKEY_LOCAL_MACHINE\. This is the only registry root that vGW Security VM currently supports. If the key that you enter does not contain this prefix, vGW Series displays the following alert message and highlights the Key input field.

      Currently only registry values under root HKEY_LOCAL_MACHINE are supported. Please enter a key that starts with HKEY_LOCAL_MACHINE.

    3. In the Value Name: field, enter InstallDir.
    4. In the Data: field, enter C:\Program Files\Symantec\Symantec Endpoint Protection\. This is the enforcer data.
  2. To include this and all other configured Registry Values in a scheduled scan:
    1. Check the option Scan Windows registry for pre-defined keys on the Introspection module Scheduling tab > Add Schedule pane. See Figure 101.

      Figure 101: Add Schedule for Scan Page

      Add Schedule for Scan Page

To include this and all other configured Registry Values in an Enforcer Profile.

  1. On the Introspection > Enforcer Profile > Add Enforcer Profile pane, create a profile.
  2. Ensure that the Ignore differences in inspected registry keys check box is not selected. See Figure 102.

    Figure 102: Add an Enforcer Profile that Allows for Registry Scans

    Add an Enforcer Profile that Allows
for Registry Scans

    Now scans that you initiate by clicking Scan Now on the Introspection > Scan Status page will scan registry keys.

To use registry values in a Smart Group:

  1. On the Settings > Security Settings > Groups page, add your Smart Group.
  2. Use the vf.app.registry smart property with the contains operator to add your condition. The value of vf.app.registry property will be all registry keys and their data concatenated, for example: [key1\val1=data1,key2\val2=data2].

Use the Introspection module > Applications tab or the Introspection module > VMs tab to view the results of scans. The registry values will appear in the Name column, with their data in the Version column.

Related Documentation