Failed to process file "C:\Windows\System32\config\SAM".
Failed to process file "C:\Windows\System32\config\SAM.LOG1".
Failed to process file "C:\Windows\System32\config\SAM.LOG2".
Failed to process file "C:\Windows\System32\config\SECURITY".
Failed to process file "C:\Windows\System32\config\SECURITY.LOG1".
Failed to process file "C:\Windows\System32\config\SECURITY.LOG2".
Failed to process file "C:\Windows\System32\config\SOFTWARE".
Failed to process file "C:\Windows\System32\config\SOFTWARE.LOG1".
Failed to process file "C:\Windows\System32\config\SOFTWARE.LOG2".
Failed to process file "C:\Windows\System32\config\SYSTEM".
Failed to process file "C:\Windows\System32\config\SYSTEM.LOG1".
Failed to process file "C:\Windows\System32\config\SYSTEM.LOG2".
When I look at the files in here, they have the little lock icon assigned to them
This is by design and I don't think we want to change it.
Does it make sense to put these files on the skip list?
Do we open ourselves to any problems by doing this?
When we create a new image for use in manufacturing,
we run sadmin check as part of our standard protocol.
We ran into these issues after producing our new image.
If I understand you question rightly then, sadmin check command is used to check consistency of solidified files only. Any files which are not part of solidified list will not be checked by this command.
Though you get failed to process these files error, t they are still solidified when you run "sadmin enable" client task.
These files under system32\config are related to your event viewer which is constantly used by Windows to write the logs, that might be the case you are seeing this error
If you are not seeing any application breakage due to these errors, I would suggest documenting them in your process to ignore these.
They are likely not binaries and the error you are seeing is most likely because check is not able to open these files for reading and validation.
skiplist is a good option to use in case you see any application compatibility and thus may want to ignore certain binaries from whitelisting protection to workaround the compatibility issue.
Can you run me by your image preparation process once?
We had another question: what files do get solidified? We were surprised to see that .dat files were being solidified.
When I solidified a base Windows 7 system below the files solidified,
We tried putting one of the files on the skiplist. We executed:
sadmin skiplist add -i C:\Windows\System32\config
sadmin skiplist add -f C:\Windows\System32\config\DEFAULT
and we are still seeing
Failed to process file "C:\Windows\System32\config\DEFAULT"
as an example. Is there something missing about the way we are doing the skiplist specification? Does McAfee look at the skiplist, first, before it decides what to check or does it gather the file list and then decide what to check?