scarney
Level 9

sadmin check: unable to process files in C:\Windows\System32\config

All,

Vitals:

  1. Running on Windows 7
  2. Running v.6.1.2-368 of Application Control in Standalone mode
  3. C: drive is solidified

Problem:

  1. We run sadmin check.
  2. Some of its results are:

Failed to process file "C:\Windows\System32\config\SAM".

Failed to process file "C:\Windows\System32\config\SAM.LOG1".

Failed to process file "C:\Windows\System32\config\SAM.LOG2".

Failed to process file "C:\Windows\System32\config\SECURITY".

Failed to process file "C:\Windows\System32\config\SECURITY.LOG1".

Failed to process file "C:\Windows\System32\config\SECURITY.LOG2".

Failed to process file "C:\Windows\System32\config\SOFTWARE".

Failed to process file "C:\Windows\System32\config\SOFTWARE.LOG1".

Failed to process file "C:\Windows\System32\config\SOFTWARE.LOG2".

Failed to process file "C:\Windows\System32\config\SYSTEM".

Failed to process file "C:\Windows\System32\config\SYSTEM.LOG1".

Failed to process file "C:\Windows\System32\config\SYSTEM.LOG2".

When I look at the files in here, they have the little lock icon assigned to them.

This is by design and I don't think we want to change it.

Does it make sense to put these files on the skip list?

Do we open ourselves to any problems by doing this?

0 Kudos
8 Replies
neelima
Level 12

Re: sadmin check: unable to process files in C:\Windows\System32\config

Sandra,

What is the reason for running the check command? Are you seeing any issues?

Thanks,

0 Kudos
scarney
Level 9

Re: sadmin check: unable to process files in C:\Windows\System32\config

Neelima,

When we create a new image for use in manufacturing, we run sadmin check as part of our standard protocol.

We ran into these issues after producing our new image.

--

Regards,

Sandra Carney

0 Kudos
vaidyanathan
Level 7

Re: sadmin check: unable to process files in C:\Windows\System32\config

Hi,

If I understand your question rightly, then the sadmin check command is used to check consistency of solidified files only. Any files which are not part of the solidified list will not be checked by this command.

Though you get the "failed to process" error for these files, they are still solidified when you run the "sadmin enable" client task.

These files under system32\config are related to your event viewer, which is constantly used by Windows to write the logs; that might be why you are seeing this error.

0 Kudos
scarney
Level 9

Re: sadmin check: unable to process files in C:\Windows\System32\config

Hello,

Is it safe for us to put these files in the skip list?

--

Regards,

Sandra Carney

0 Kudos
neelima
Level 12

Re: sadmin check: unable to process files in C:\Windows\System32\config

Sandra,

If you are not seeing any application breakage due to these errors, I would suggest documenting them in your process to ignore these.

They are likely not binaries and the error you are seeing is most likely because check is not able to open these files for reading and validation.

Skiplist is a good option to use in case you see any application compatibility issue and thus may want to ignore certain binaries from whitelisting protection to work around the compatibility issue.

Can you run me through your image preparation process once?

Thanks,

0 Kudos
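An added example, not part of the original thread and not McAfee code: one way to apply the "document them in your process" advice above is to triage captured `sadmin check` output during image creation, accepting failures only for files directly under a documented directory and flagging everything else. The function names, the allowlist and the sample text are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Failure line format as quoted in the thread.
FAILED_RE = re.compile(r'^\s*Failed to process file "(?P<path>[^"]+)"\.?\s*$')

# Assumption: the image process documents this directory as a known source
# of files that check cannot open (the paths reported in the thread).
DOCUMENTED_DIRS = [PureWindowsPath(r"C:\Windows\System32\config")]


def triage(check_output, documented_dirs=DOCUMENTED_DIRS):
    """Split reported failures into documented and unexpected paths."""
    expected, unexpected = [], []
    for line in check_output.splitlines():
        match = FAILED_RE.match(line)
        if not match:
            continue  # not a failure line
        path = PureWindowsPath(match.group("path"))
        # Direct children only, so subdirectories are not silently accepted.
        # PureWindowsPath compares case-insensitively, as Windows does.
        if path.parent in documented_dirs:
            expected.append(str(path))
        else:
            unexpected.append(str(path))
    return expected, unexpected


def image_gate(check_output):
    """Return True only when every failure is a documented one."""
    _, unexpected = triage(check_output)
    return not unexpected


# Constructed sample input; the last line is a hypothetical unexpected failure.
SAMPLE = r'''Failed to process file "C:\Windows\System32\config\SAM".
Failed to process file "c:\windows\system32\CONFIG\SYSTEM.LOG1".
Failed to process file "C:\Windows\System32\config\DEFAULT"
Failed to process file "C:\Program Files\Example\tool.exe".
'''

if __name__ == "__main__":
    documented, needs_review = triage(SAMPLE)
    print(f"documented failures: {len(documented)}")
    for item in needs_review:
        print(f"REVIEW: {item}")
    print("image gate passed" if image_gate(SAMPLE) else "image gate failed")
```
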
scarney
Level 9

Re: sadmin check: unable to process files in C:\Windows\System32\config

We had another question: what files do get solidified? We were surprised to see that .dat files were being solidified.

0 Kudos
vaidyanathan
Level 7

Re: sadmin check: unable to process files in C:\Windows\System32\config

Hi,

When I solidified a base Windows 7 system, the files below were solidified:

.bat, .dll, .cmd, .vbs, .exe, .mui, .sys, .h1s, .ocx, .cpl, .vxd, .dat, .pmp, .mpp, .api, .x3d, .de, .enu, .fr, .jpn, .deu, .dl_, .ex_, .tlb, .mod, .fon, .ax, .drv, .ps1, .fon, .rs

Thanks

0 Kudos
scarney
Level 9

Re: sadmin check: unable to process files in C:\Windows\System32\config

All,

We tried putting one of the files on the skiplist. We executed:

  sadmin skiplist add -i C:\Windows\System32\config

  sadmin skiplist add -f C:\Windows\System32\config\DEFAULT

Then ran:

  sadmin check

and we are still seeing

  Failed to process file "C:\Windows\System32\config\DEFAULT"

as an example. Is there something missing about the way we are doing the skiplist specification? Does McAfee look at the skiplist first, before it decides what to check, or does it gather the file list and then decide what to check?

0 Kudos