9 Replies Latest reply on May 10, 2011 12:27 PM by mmoore3

    MNAC Remediation Commands Not Functioning

    eguhlin

      I am unable to get remediation commands to properly function.  What I want to do is create a check that mimics the native McAfee Screensaver Checks.  The only difference is that I want them to check a different location in the registry as compared to the native McAfee Screensaver Checks.

       

      The native native McAfee Screensaver Checks are as follows:
      Screen Saver to be used - HKEY_USERS\.Default
      Screen Saver timeout - HKEY_USERS\.Default
      Screen Saver is secure - HKEY_USERS\.Default

       

      I have tried creating my own checks to mimic the above native McAfee Checks with the exception of looking in a different registry location.  The location is as follows:
      HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop

       

      Following are the details of the check that I manually created for Screen Saver to be used:


      Registry Hive: The hive that the registry key belongs to. This is restricted to a specific set of values:
           equals HKEY_CURRENT_USER
      Registry Value Name: The name of a registry value within the specified registry key.
           equals HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop
      Registry Key Path: The registry key to be tested. Note that the hive portion of the string should not be included, as this data should be selected in the hive parameter. If the operation selected is equals, the Registry Key Path should be the exact path to the registry key. For example: 'Software\TestParentKey\TestSubKey'. If the operation selected is pattern match, a basic regular expression should be used. For example: '^SOFTWARE\\SampleSoftwareVendor\\SampleSoftwareProduct\\[0-9]+\.0\\Common' could be used to detect the 'Common' key in a specific version of a software product.
           equals Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE
      optional:Registry Value Data: The expected registry value's data for the registry key(s) specified in the check.
           equals scrnsave.scr
      optional:Registry Value Type: The expected registry type associated with the specified registry value(s).
           equals reg_sz

       

      The reason I want to look in this location is because this is the location that Group Policy places our screen saver.

       

      After creating my own check, I want to add remediation commands to add the Keys and Values to the aforementioned registry location if they do not exist.  The remediation command I used for Screen Saver to be used is as follows:
      %ComSpec%
      /C Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f

       

      I have tried changing the case of the parameters in the event that anything was case sensitive.  I have also tried adding and removing the quotations around each of the path variables.  The remediation commands that I have used work perfectly from the command line, however they will not work via MNAC.

       

      Unfortunately, there is no way for me to reference a native McAfee Check to see what I may be doing wrong because the native Checks are not editable. Any advice would be greatly appreciated.

       

      Message was edited by: eguhlin on 5/9/11 10:10:25 AM CDT
        • 1. Re: MNAC Remediation Commands Not Functioning
          mmoore3

          What account do you have configured to run the remediation in the Network Access Control Client policy? Can this user write to the registry?

           

          What is the enforcement mode for the benchmark?

           

          What is the auto-remdiation for the benchmark?

           

          Does your custom check pass or fail? For remediation to run, the rule the check is made into must fail.

          • 2. Re: MNAC Remediation Commands Not Functioning
            eguhlin

            Thanks for your reply.

             

            The logged on user's credentials are being used to run the remediation command and all of our users are administrators, so, yes, they can write to the registry.

             

            The enforcement mode is enforced and auto-remediation is enabled.

             

            The check fails and the strange thing is, I get another pop-up stating that the all remediation tasks are successful, however, it does not write anything to the registry.

             

            If I use a native McAfee check for the HKU\.Default hive it will work and add the keys and values to the registry.  I was thinking I might have done something wrong in the custom check that I created, but it seems like everything is working properly with the exception of writing to the registry.

            • 3. Re: MNAC Remediation Commands Not Functioning
              mmoore3

              what does the scanner_out.log contain? Can you attach it to the thread?

              • 4. Re: MNAC Remediation Commands Not Functioning
                eguhlin

                I am not finding a scanner_out.log anywhere on the client or server.  Will you please provide the location?

                 

                Message was edited by: eguhlin on 5/10/11 7:48:58 AM CDT
                • 5. Re: MNAC Remediation Commands Not Functioning
                  mmoore3

                  The scanner_out.log is on the end node. On XP, by default it is in C:\program files\mcafee\mnac scanner.

                  • 6. Re: MNAC Remediation Commands Not Functioning
                    eguhlin

                    Here you go, this is only from today.

                     

                    05-10-11 00:10:36,337 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 00:10:37,869 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 00:10:37,869 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 00:25:38,656 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 00:25:40,187 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 00:25:40,187 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 00:40:41,630 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 00:40:43,161 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 00:40:43,161 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 00:55:44,355 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 00:55:45,886 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 00:55:45,886 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 01:10:46,579 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 01:10:48,110 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 01:10:48,110 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 01:25:49,397 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 01:25:50,929 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 01:25:50,929 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 01:40:51,872 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 01:40:53,403 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 01:40:53,403 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 01:55:54,409 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 01:55:55,940 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 01:55:55,940 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 02:10:57,071 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 02:10:58,602 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 02:10:58,602 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 02:25:59,764 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 02:26:01,296 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 02:26:01,296 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 02:41:02,504 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 02:41:04,036 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 02:41:04,036 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 02:56:04,979 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 02:56:06,510 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 02:56:06,526 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 03:11:07,079 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 03:11:08,688 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 03:11:08,688 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 03:26:09,944 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 03:26:11,475 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 03:26:11,475 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 03:41:12,403 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 03:41:13,934 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 03:41:13,934 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 03:56:15,143 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 03:56:16,674 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 03:56:16,674 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 04:11:37,008 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 04:11:38,758 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 04:11:38,758 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 04:26:58,889 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 04:27:00,545 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 04:27:00,545 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 04:42:01,785 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 04:42:03,317 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 04:42:03,317 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 04:57:23,588 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 04:57:25,338 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 04:57:25,338 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 05:12:45,735 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 05:12:47,485 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 05:12:47,485 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 05:27:48,444 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 05:27:49,975 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 05:27:49,990 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 05:42:50,949 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 05:42:52,481 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 05:42:52,481 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 05:57:53,533 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 05:57:55,064 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 05:57:55,064 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 06:12:56,133 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 06:12:57,664 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 06:12:57,664 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 06:27:58,732 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 06:28:00,264 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 06:28:00,279 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 06:43:00,832 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 06:43:02,363 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 06:43:02,363 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 06:58:03,681 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 06:58:05,213 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 06:58:05,228 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 07:13:06,781 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 07:13:08,312 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 07:13:08,312 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 07:28:09,412 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 07:28:10,943 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 07:28:10,943 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 07:43:12,074 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 07:43:13,605 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 07:43:13,621 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 07:58:14,283 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 07:58:15,814 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 07:58:15,814 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 08:13:16,851 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 08:13:18,382 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 08:13:18,382 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 08:28:19,341 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 08:28:20,872 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 08:28:20,872 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 08:43:21,550 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 08:43:23,081 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 08:43:23,081 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 08:58:23,790 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 08:58:25,321 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 08:58:25,337 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 09:13:25,905 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 09:13:27,436 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 09:13:27,452 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 09:28:28,020 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 09:28:29,552 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 09:28:29,552 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 09:43:30,635 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 09:43:32,167 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 09:43:32,182 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 09:58:32,766 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 09:58:34,298 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 09:58:34,298 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 10:13:36,210 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 10:13:37,741 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 10:13:37,741 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 10:13:42,256 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> - Client Policy:
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  CmdLinePassword =
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  CmdLineUsername =
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ContentLoadedVersion = xKGh/nWSov8QcIHU0V0NiaCPzDc=
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ContentServerVersion =
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  DefaultHealthLevel = 5
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  DetailMinHealthLevel = 3
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  DontShowIcon = 0
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  EnableAutoRemediation = 1
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  EnableDetailMinHealthLevel = 1
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  EnablePeriodicIDMessage = 0
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  EnforcementEnabled = 1
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ForceNewPolicyDownload = 1
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  MSNAPEnabled = 0
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ManagedContentTimestamp = 1305040261
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ManagedPolicyTimestamp = 1304638057
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  PeriodicIDMessageDuration = 600
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  PeriodicIDMessageInterval = 60
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  PeriodicIDMessageVersion = 1
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  PolicyEnforced = 1
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  PolicyFreshness = 1304951934
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  PolicyTTL = 86400
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ScanInterval = 300
                    05-10-11 10:13:43,788 [4032] DEBUG Scanner.Config <> -  ScanResultsDetail = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ServerHealthOverride = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ServerHealthOverrideTTL = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> - System Health Policy:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Name = ABS MNAC - VSE Policy
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Description = This will check the VirusScan version, DAT version, McShield service and the Framework service.
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  LocalMessage = Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499.
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Enabled = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Location Awareness Type = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Domain Controller check enabled = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  DNS suffix check enabled = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Suffixes:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  IP check enabled = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Benchmark:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Version GUID = E612C82B-6ED4-4BA1-8C5B-24380FD47EDF
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Profile =
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Enforcement mode = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Enable auto-remediation = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> - System Health Policy:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Name = ABS_Health_Policy
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Description = ABS PC Health Policy
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  LocalMessage = Your PC is not compliant.
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Enabled = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Location Awareness Type = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Domain Controller check enabled = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  DNS suffix check enabled = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Suffixes:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  IP check enabled = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Benchmark:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Version GUID = E612C82B-6ED4-4BA1-8C5B-24380FD47EDF
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Profile =
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Enforcement mode = 2
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Enable auto-remediation = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> - Network Access Policy:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Health level 0:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Name = Unknown
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Health level 1:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Name = Healthy
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Health level 2:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Name = Fair
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Health level 3:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Name = Poor
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Health level 4:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Name = Serious
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Health level 5:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -   Name = Critical
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> - Network Access Zone:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Firewall rules:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> - Network Access Zone:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  Firewall rules:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> - Scanner Configuration:
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  AgentStartupWait = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  AuthPort = 58443
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  IntrushieldPort = 58446
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  IsMSNAPEnforced = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  MaxRetryEvents = 3
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  NumHttpThreads = 1
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  RemediationActionTimeout = 300
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  RetryInterval = 120
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  RetryThrottle = 480
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  SSLErrorRetries = 5
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ScannerGUID =
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ServerIP = 172.27.13.65
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ServerName = HOUVEPO02.abs.com
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ServerPort = 58444
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  ServerURI = /nac/engine
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  SystemStatus = 0
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  TcpSocketTimeout = 30
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  szInstallDir = C:\Program Files\McAfee\MNAC Scanner\
                    05-10-11 10:13:43,803 [4032] DEBUG Scanner.Config <> -  szLangId = 0409
                    05-10-11 10:13:43,819 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 10:13:43,819 [4032] DEBUG Scanner <> - Reloading configuration for scanner service.
                    05-10-11 10:13:43,819 [4032] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:13:43,819 [4032] DEBUG Scanner.ScannerComm <> - ScannerCommCommon::configNotify() called
                    05-10-11 10:13:43,819 [4032] DEBUG Scanner.ScannerComm <> - ScannerCommCommon::configNotify, managed content timestamp has changed
                    05-10-11 10:13:43,819 [4032] INFO Scanner.ScannerComm <> - Requesting content from https://SERVER.company.com:8444/nac/engine/getcontent?type=managed
                    05-10-11 10:13:43,819 [4032] DEBUG Scanner.ServerCom <> - Connecting to https://SERVER.company.com:8444/nac/engine/getcontent?type=managed
                    05-10-11 10:13:43,866 [4032] INFO Scanner.ServerCom <> - Sending request to the server at https://SERVER.company.com:8444/nac/engine/getcontent?type=managed
                    05-10-11 10:13:43,866 [4032] DEBUG Scanner.ServerCom <> - Received 15331 bytes from server
                    05-10-11 10:13:43,866 [4032] DEBUG Scanner.ServerCom.Request <> - Waiting to import content...
                    05-10-11 10:13:43,866 [4032] DEBUG Scanner.ServerCom.Request <> - Saving content to C:\Program Files\McAfee\MNAC Scanner\engine\DownloadedContent.zip
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ServerCom.Request <> - Content import started
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ServerCom.Request <> - Import using short path name: C:\PROGRA~1\McAfee\MNACSC~1\engine\DOWNLO~1.ZIP
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ScanEngine <> - PA ImportZip called...
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ScanEngine.PA <> - Enter method PAImportZip
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ScanEngine.PA <> - Verified zip file exists... Sending import request
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:44,038 [4032] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner.ScanEngine.PA <> - Import zip file succeeded
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner.ScanEngine <> - ...PA ImportZip complete
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner.ServerCom.Request <> - Content import complete
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner.ScannerComm <> - ScannerCommCommon::configNotify, new content triggered a scan
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner.ScannerComm.IntruShieldComm <> - IBAC: ibac_data_collect called
                    05-10-11 10:13:46,725 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 10:13:46,788 [4144] DEBUG Scanner.ScannerComm.IntruShieldComm <> - IBAC: performing ibac_data_collect operation
                    05-10-11 10:13:46,835 [5048] DEBUG Scanner.ScanEngine <> - ScanEngine::processScan()
                    05-10-11 10:13:47,147 [5048] ERROR Scanner.ScanEngine <> - Next scan time from Agent is Zero, Error: Scan task not found
                    05-10-11 10:13:47,147 [5048] WARN Scanner.ScanEngine <> - Next scan time from Agent is ZERO, setting 1 day offset as failsafe!
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner.ScanEngine <> - scan results detail: 1
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner.ScanEngine <> - min health level enabled: 1
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner.ScanEngine <> - min health level: 3
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner.ScanEngine <> - Creating ScanHost for scan
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - Calling NetServerGetInfo()
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - GetNativeSystemInfo present
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - major: 5 minor: 1
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - prodType: 1 procArch: 0
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - Successful... results: System Platform: Windows
                             Family: NT
                            Version: XP Professional
                       NetBIOS Name:
                        Domain Name:
                    Current User(s):

                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - Calling NetWkstaGetInfo()
                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - Successful... results: System Platform: Windows
                             Family: NT
                            Version: XP Professional
                       NetBIOS Name: ECLARKDT02
                        Domain Name: ABS
                    Current User(s):

                    05-10-11 10:13:47,147 [5048] DEBUG Scanner <> - Calling NetWkstaUserEnum()
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner <> - Successful... results: System Platform: Windows
                             Family: NT
                            Version: XP Professional
                       NetBIOS Name: ECLARKDT02
                        Domain Name: ABS
                    Current User(s): ABS\ECLARKDT02$, ABS\EGuhlin

                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine <> - SHP[0]: name: ABS MNAC - VSE Policy description: This will check the VirusScan version, DAT version, McShield service and the Framework service.
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine <> - localMessage: Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499. enabled: 1
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine <> - # benchmarks: 1
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine <> - shp->type: 0
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine <> - benchmark[0]: guid: E612C82B-6ED4-4BA1-8C5B-24380FD47EDF profile:  enforcemode: 1
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine.PA <> - Creating scan...
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine.PA <> - Succesfully created scan
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine <> - PACreateScan scanid: 242
                    05-10-11 10:13:47,163 [5048] INFO Scanner.ScanEngine <> - **** Starting scan with PAStartScan...
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine.PA <> - Starting scan...
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:47,163 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:47,928 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 10:13:47,928 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 10:13:50,194 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,210 [5048] DEBUG Scanner.ScanEngine.PA <> - scan completed
                    05-10-11 10:13:50,210 [5048] INFO Scanner.ScanEngine <> - **** ...PAStartScan Completed
                    05-10-11 10:13:50,210 [5048] DEBUG Scanner.ScanEngine.PA <> - get scan results
                    05-10-11 10:13:50,225 [5048] DEBUG Scanner.ScanEngine.XML <> - ScanEngine results XML:
                    <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
                    <TestResult xmlns="http://checklists.nist.gov/xccdf/1.1" end-time="2011-05-10T15:13:49" id="notApplicable" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.xsd">
                       <benchmark href="ABS_Test" />
                       <target>ECLARKDT02.abs.com</target>
                       <target-facts>
                          <fact name="PAAuditEngineVersion" type="string">5.2.0</fact>
                          <fact name="system_info" type="string"><?xml version="1.0" encoding="UTF-16" standalone="no" ?><system_info xmlns="Microsoft" _mce_href="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><os_n ame>Microsoft">http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><o s_name>Microsoft Windows XP</os_name><os_version>5.1 build 2600</os_version><architecture>INTEL32</architecture><primary_host_name>ECLARKD T02.abs.com</primary_host_name><interfaces><interface><interface_name>Intel(R) 82566DM Gigabit Network Connection - Packet Scheduler Miniport</interface_name><ip_address>172.27.2.198</ip_address><mac_address>00-0 F-FE-4D-0E-BB</mac_address></interface></interfaces></system_info></fact>
                       </target-facts>
                       <rule-result idref="McAfeeVirusScanEnterpriseRealTimeDetectionEnabled" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4239" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4239" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMinimumProductVersion" role="full" severity="low">
                          <result>pass</result>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4237" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4237" result="true" version="18" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeAgentCheck" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:5062" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:5062" result="true" version="15" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeFrameworkServiceRunning" role="full" severity="medium">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4579" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4579" result="true" version="14" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge" role="full" severity="info">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge_1" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="_ABSScreensaverCheck" role="full" severity="low">
                          <result>fail</result>
                          <fix><cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:HOUVEPO02.abs.com:def:2011050409493702200" result="false" version="2">
                                   <criteria operator="AND" result="false">
                                      <criterion result="true" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3" />
                                      <criterion result="false" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2" />
                                   </criteria>
                                </definition>
                                <tests xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
                                   <test check="only one" check_existence="at_least_one_exists" result="true" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3">
                                      <tested_item item_id="3595" result="true" />
                                   </test>
                                   <test check="at least one" check_existence="at_least_one_exists" result="false" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2">
                                      <tested_item item_id="3596" result="not evaluated" />
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702208">HKEY_CURRENT_USER< /tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702209">Software\Policies\ Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:20110504094937022010">HKCU\Software\Pol icies\Microsoft\Windows\Control Panel\Desktop</tested_variable>
                                   </test>
                                </tests>
                                <collected_objects xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <object flag="complete" id="oval:HOUVEPO02.abs.com:obj:2011050409493702204" version="5">
                                      <reference item_ref="3595" />
                                   </object>
                                   <object flag="does not exist" id="oval:HOUVEPO02.abs.com:obj:2011050409493702205" version="4">
                                      <reference item_ref="3596" />
                                   </object>
                                </collected_objects>
                                <system_data xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <family_item id="3595" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
                                      <family>windows</family>
                                   </family_item>
                                   <registry_item id="3596" status="does not exist" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows">
                                      <hive status="does not exist">HKEY_CURRENT_USER</hive>
                                      <key status="does not exist">Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</key>
                                      <name status="does not exist">HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop</name>
                                   </registry_item>
                                </system_data>
                             </check-content>
                          </check>
                       </rule-result>
                       <score system="urn:xccdf:scoring:default">85.71429</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat">6</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat-unweighted">6</score>
                       <score maximum="1" system="urn:xccdf:scoring:absolute">0</score>
                    </TestResult>

                    05-10-11 10:13:50,241 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,241 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,241 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,241 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,256 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,272 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params>
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start mcshield || %comspec% /c net.exe continue mcshield
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMinimumProductVersion
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,288 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeAgentCheck
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params>
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %COMSPEC%
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - rparam: "P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeFrameworkServiceRunning
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,303 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine <> - Severity: medium
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params>
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,319 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine <> - Severity: info
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge_1
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,335 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: _ABSScreensaverCheck
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - Result: fail
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params>
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %ComSpec%
                    05-10-11 10:13:50,350 [5048] DEBUG Scanner.ScanEngine <> - rparam: Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Freeing scan...
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine <> - SHP[1]: name: ABS_Health_Policy description: ABS PC Health Policy
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine <> - localMessage: Your PC is not compliant. enabled: 1
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine <> - # benchmarks: 1
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine <> - shp->type: 0
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine <> - benchmark[0]: guid: E612C82B-6ED4-4BA1-8C5B-24380FD47EDF profile:  enforcemode: 2
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Creating scan...
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Succesfully created scan
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine <> - PACreateScan scanid: 243
                    05-10-11 10:13:50,366 [5048] INFO Scanner.ScanEngine <> - **** Starting scan with PAStartScan...
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Starting scan...
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:50,366 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,725 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,725 [5048] DEBUG Scanner.ScanEngine.PA <> - scan completed
                    05-10-11 10:13:52,725 [5048] INFO Scanner.ScanEngine <> - **** ...PAStartScan Completed
                    05-10-11 10:13:52,725 [5048] DEBUG Scanner.ScanEngine.PA <> - get scan results
                    05-10-11 10:13:52,741 [5048] DEBUG Scanner.ScanEngine.XML <> - ScanEngine results XML:
                    <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
                    <TestResult xmlns="http://checklists.nist.gov/xccdf/1.1" end-time="2011-05-10T15:13:52" id="notApplicable" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.xsd">
                       <benchmark href="ABS_Test" />
                       <target>ECLARKDT02.abs.com</target>
                       <target-facts>
                          <fact name="PAAuditEngineVersion" type="string">5.2.0</fact>
                          <fact name="system_info" type="string"><?xml version="1.0" encoding="UTF-16" standalone="no" ?><system_info xmlns="Microsoft" _mce_href="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><os_n ame>Microsoft">http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><o s_name>Microsoft Windows XP</os_name><os_version>5.1 build 2600</os_version><architecture>INTEL32</architecture><primary_host_name>ECLARKD T02.abs.com</primary_host_name><interfaces><interface><interface_name>Intel(R) 82566DM Gigabit Network Connection - Packet Scheduler Miniport</interface_name><ip_address>172.27.2.198</ip_address><mac_address>00-0 F-FE-4D-0E-BB</mac_address></interface></interfaces></system_info></fact>
                       </target-facts>
                       <rule-result idref="McAfeeVirusScanEnterpriseRealTimeDetectionEnabled" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4239" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4239" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMinimumProductVersion" role="full" severity="low">
                          <result>pass</result>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4237" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4237" result="true" version="18" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeAgentCheck" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:5062" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:5062" result="true" version="15" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeFrameworkServiceRunning" role="full" severity="medium">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4579" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4579" result="true" version="14" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge" role="full" severity="info">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge_1" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="_ABSScreensaverCheck" role="full" severity="low">
                          <result>fail</result>
                          <fix><cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:HOUVEPO02.abs.com:def:2011050409493702200" result="false" version="2">
                                   <criteria operator="AND" result="false">
                                      <criterion result="true" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3" />
                                      <criterion result="false" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2" />
                                   </criteria>
                                </definition>
                                <tests xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
                                   <test check="only one" check_existence="at_least_one_exists" result="true" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3">
                                      <tested_item item_id="3623" result="true" />
                                   </test>
                                   <test check="at least one" check_existence="at_least_one_exists" result="false" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2">
                                      <tested_item item_id="3624" result="not evaluated" />
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702208">HKEY_CURRENT_USER< /tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702209">Software\Policies\ Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:20110504094937022010">HKCU\Software\Pol icies\Microsoft\Windows\Control Panel\Desktop</tested_variable>
                                   </test>
                                </tests>
                                <collected_objects xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <object flag="complete" id="oval:HOUVEPO02.abs.com:obj:2011050409493702204" version="5">
                                      <reference item_ref="3623" />
                                   </object>
                                   <object flag="does not exist" id="oval:HOUVEPO02.abs.com:obj:2011050409493702205" version="4">
                                      <reference item_ref="3624" />
                                   </object>
                                </collected_objects>
                                <system_data xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <family_item id="3623" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
                                      <family>windows</family>
                                   </family_item>
                                   <registry_item id="3624" status="does not exist" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows">
                                      <hive status="does not exist">HKEY_CURRENT_USER</hive>
                                      <key status="does not exist">Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</key>
                                      <name status="does not exist">HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop</name>
                                   </registry_item>
                                </system_data>
                             </check-content>
                          </check>
                       </rule-result>
                       <score system="urn:xccdf:scoring:default">85.71429</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat">6</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat-unweighted">6</score>
                       <score maximum="1" system="urn:xccdf:scoring:absolute">0</score>
                    </TestResult>

                    05-10-11 10:13:52,757 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,757 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,757 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,757 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,772 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,772 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,772 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,788 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params>
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start mcshield || %comspec% /c net.exe continue mcshield
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMinimumProductVersion
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeAgentCheck
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,803 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params>
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %COMSPEC%
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - rparam: "P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeFrameworkServiceRunning
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,819 [5048] DEBUG Scanner.ScanEngine <> - Severity: medium
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params>
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - Severity: info
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge_1
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,835 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: _ABSScreensaverCheck
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,850 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - Result: fail
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params>
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %ComSpec%
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - rparam: Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - Remediation is disabled, ignoring command: %ComSpec%
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine.PA <> - Freeing scan...
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - remediation complete called: 1
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - NAPSHA_remediation called, rpending: 1
                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - results: Scan Results--
                    Id:                -1
                    Health Level:      3
                    Scan Status:       SCAN_SUCCESSFUL
                    Next Scan:         2011-05-11T10:13:46.000-05:00
                    Enforce Mode:      Enforce
                    Policy Version:    1304638057
                    Failed SHP Names:  ABS MNAC - VSE Policy,ABS_Health_Policy
                    Applied SHP Names: ABS MNAC - VSE Policy,ABS_Health_Policy
                    Error code:        0
                    Event Time:        2011-05-10T10:13:46.835-05:00
                    --------------  Benchmark  -----------
                    Benchmark:         0
                    Title:             ABS_Test
                    Profile:          
                    Version:           E612C82B-6ED4-4BA1-8C5B-24380FD47EDF
                    Enforce Mode:      Enforce
                    Failed Rule Names: _ABSScreensaverCheck
                    Health Level:      3
                    RuntimeDelta:      0
                    Error Code:        0
                    ==============     Rule    ===========
                    Rule:              0
                    Name:              McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              1
                    Name:              McAfeeVirusScanEnterpriseMinimumProductVersion
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              2
                    Name:              McAfeeAgentCheck
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              3
                    Name:              McAfeeFrameworkServiceRunning
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              4
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              5
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge_1
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              6
                    Name:              _ABSScreensaverCheck
                    Health Level:      3
                    Result:            fail
                    Message:           Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499.
                    --------------  Benchmark  -----------
                    Benchmark:         1
                    Title:             ABS_Test
                    Profile:          
                    Version:           E612C82B-6ED4-4BA1-8C5B-24380FD47EDF
                    Enforce Mode:      Audit
                    Failed Rule Names: _ABSScreensaverCheck
                    Health Level:      3
                    RuntimeDelta:      0
                    Error Code:        0
                    ==============     Rule    ===========
                    Rule:              0
                    Name:              McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              1
                    Name:              McAfeeVirusScanEnterpriseMinimumProductVersion
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              2
                    Name:              McAfeeAgentCheck
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              3
                    Name:              McAfeeFrameworkServiceRunning
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              4
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              5
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge_1
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              6
                    Name:              _ABSScreensaverCheck
                    Health Level:      3
                    Result:            fail
                    Message:           Your PC is not compliant.

                    05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScannerComm <> - Posting scan results to all listeners
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - zone name: Allow Full Access
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - MSNAPEnabled: 0
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - enforceNapHealth called, healthLevel: 1
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:13:52,882 [6116] DEBUG Scanner.ServerCom <> - Preparing to send XML data:
                    <?xml version="1.0" encoding="UTF-8" ?>
                    <EC-Event xmlns="http://www.nai.com/ec">
                       <CreateTime>2011-05-10T10:13:52.866-05:00</CreateTime>
                       <Analyzer>
                          <Sensor>
                             <Name>McAfee Network Access Control Client</Name>
                             <ProductVersion>3.2.0.835</ProductVersion>
                             <ProductFamily>EC</ProductFamily>
                             <Type>scanner</Type>
                             <AgentAvailable>true</AgentAvailable>
                             <EnforcementEnabled>self</EnforcementEnabled>
                             <RemoteEnabled>false</RemoteEnabled>
                          </Sensor>
                          <User>
                             <Name>NT AUTHORITY\SYSTEM</Name>
                          </User>
                          <Node>
                             <Name>ECLARKDT02</Name>
                             <Interface>
                                <Address>172.27.2.198</Address>
                                <MACAddress>00:0f:fe:4d:0e:bb</MACAddress>
                                <SubnetMask>255.255.255.0</SubnetMask>
                                <NetworkAddress>172.27.2.0</NetworkAddress>
                             </Interface>
                             <OSType>
                                <Platform>Windows</Platform>
                                <Family>NT</Family>
                                <Version>XP Professional</Version>
                             </OSType>
                             <GroupName>ABS</GroupName>
                             <NetBIOSName>ECLARKDT02</NetBIOSName>
                             <Comment>009071</Comment>
                             <AgentGUID>{B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382}</AgentGUID>
                             <IBacData>AUFCU1xlZ3VobGluAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0VDTEFSS0RUMDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC mFicy5jb20AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwESBQEAAwAAARwBBQAAAAAABRUAAACT42JIT WRJLoM9K0aY5QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</IBacDat a>
                          </Node>
                       </Analyzer>
                       <Event>
                          <DetectTime>2011-05-10T10:13:46.835-05:00</DetectTime>
                          <Classification>
                             <EventClassification>scanner.results</EventClassification>
                          </Classification>
                          <Assessment>
                             <ScanResult>
                                <ID>-1</ID>
                                <HealthLevel>3</HealthLevel>
                                <ScanStatus>SCAN_SUCCESSFUL</ScanStatus>
                                <NextScanTime>2011-05-11T10:13:46.000-05:00</NextScanTime>
                                <EnforceMode>Enforce</EnforceMode>
                                <EnforceHealthLevel>3</EnforceHealthLevel>
                                <PolicyVersion>1304638057</PolicyVersion>
                                <PolicyType>MANAGED</PolicyType>
                                <ContentVersion>GW3hQDmMoGnI2yNnSbG0/5gEE0U=</ContentVersion>
                                <FailedBenchmarks>ABS_Test,ABS_Test</FailedBenchmarks>
                                <FailedSHPNames>ABS MNAC - VSE Policy,ABS_Health_Policy</FailedSHPNames>
                                <AppliedSHPNames>ABS MNAC - VSE Policy,ABS_Health_Policy</AppliedSHPNames>
                                <ErrorCode>0</ErrorCode>
                                <BenchmarkResults>
                                   <Title>ABS_Test</Title>
                                   <Profile />
                                   <VersionGUID>E612C82B-6ED4-4BA1-8C5B-24380FD47EDF</VersionGUID>
                                   <EnforceMode>Enforce</EnforceMode>
                                   <FailedRuleNames>_ABSScreensaverCheck</FailedRuleNames>
                                   <AppliedHealthLevel>3</AppliedHealthLevel>
                                   <ErrorCode>0</ErrorCode>
                                   <RuntimeDelta>0</RuntimeDelta>
                                   <RuleResults>
                                      <Name>_ABSScreensaverCheck</Name>
                                      <AppliedHealthLevel>3</AppliedHealthLevel>
                                      <Result>fail</Result>
                                      <Message>
                                         <![CDATA[
                    Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499.
                    ]]>
                                      </Message>
                                   </RuleResults>
                                </BenchmarkResults>
                                <BenchmarkResults>
                                   <Title>ABS_Test</Title>
                                   <Profile />
                                   <VersionGUID>E612C82B-6ED4-4BA1-8C5B-24380FD47EDF</VersionGUID>
                                   <EnforceMode>Audit</EnforceMode>
                                   <FailedRuleNames>_ABSScreensaverCheck</FailedRuleNames>
                                   <AppliedHealthLevel>3</AppliedHealthLevel>
                                   <ErrorCode>0</ErrorCode>
                                   <RuntimeDelta>0</RuntimeDelta>
                                   <RuleResults>
                                      <Name>_ABSScreensaverCheck</Name>
                                      <AppliedHealthLevel>3</AppliedHealthLevel>
                                      <Result>fail</Result>
                                      <Message>
                                         <![CDATA[
                    Your PC is not compliant.
                    ]]>
                                      </Message>
                                   </RuleResults>
                                </BenchmarkResults>
                             </ScanResult>
                             <Action>None</Action>
                          </Assessment>
                       </Event>
                    </EC-Event>

                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - NAPSHA_enforce called
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - NAPSHA_enforce, notifySoHChange
                    05-10-11 10:13:52,882 [5048] ERROR Scanner.ScannerComm.Enforcement <> - NAPSHA_enforce, notifySoHChange failed: 80270007
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - NAPSHA_enforce complete
                    05-10-11 10:13:52,882 [6116] INFO Scanner.ServerCom <> - Sending scanner.results to the server at https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:13:52,882 [6116] DEBUG Scanner.ServerCom <> - Connecting to https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:13:52,882 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - zone name: Allow Full Access
                    05-10-11 10:13:52,897 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - rule[0]: *
                    05-10-11 10:13:52,897 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - Wildcard whitelist rule found, not doing enforcement
                    05-10-11 10:13:52,897 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - Disabling Firewall
                    05-10-11 10:13:52,897 [5048] DEBUG Scanner.ScannerComm <> - Posting enforcement data to all listeners
                    05-10-11 10:13:52,928 [6116] DEBUG Scanner.ServerCom <> - Sending post
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner.ScanEngine <> - found remediation to process
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner.ScanEngine <> - sleep timeout: 300
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner.ScannerComm <> - Posting remediation results to all listeners
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner.ScannerComm <> - Posting remediation results to all listeners
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner <> - expandedPath: C:\WINDOWS\system32\cmd.exe Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner <> - cmdLine: C:\WINDOWS\system32\cmd.exe
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner <> - workingDir: C:\WINDOWS\system32
                    05-10-11 10:13:52,944 [2536] DEBUG Scanner <> - user: LocalSystem
                    05-10-11 10:13:53,022 [6116] INFO Scanner.ServerCom <> - The server returned HTTP status: 200
                    05-10-11 10:13:53,022 [6116] DEBUG Scanner.ServerCom <> -
                    05-10-11 10:13:53,022 [6116] DEBUG Scanner.ServerCom <> - Headers:
                    agentguid = B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382
                    content-length = 0
                    content-type =
                    date = Tue, 10 May 2011 15:13:53 GMT
                    default-health-level = 5
                    http/1.1 = OK
                    malicious-behavior = false
                    malicious-health-level = -1
                    mnac-is-shared-secret = <encrypted value>
                    mnac-is-shared-secret2 = <encrypted value>
                    mnac-is-udp-port = 58446
                    needs-new-content = false
                    needs-new-policy = false
                    periodic-message-version = 1
                    server = Undefined
                    status = SCAN_SUCCESSFUL
                    transfer-encoding =

                    05-10-11 10:13:53,022 [6116] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:13:53,022 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 10:13:53,022 [6116] DEBUG Scanner.ServerCom <> - Preparing to send XML data:
                    <?xml version="1.0" encoding="UTF-8" ?>
                    <EC-Event xmlns="http://www.nai.com/ec">
                       <CreateTime>2011-05-10T10:13:53.022-05:00</CreateTime>
                       <Analyzer>
                          <Sensor>
                             <Name>McAfee Network Access Control Client</Name>
                             <ProductVersion>3.2.0.835</ProductVersion>
                             <ProductFamily>EC</ProductFamily>
                             <Type>scanner</Type>
                             <AgentAvailable>true</AgentAvailable>
                             <EnforcementEnabled>self</EnforcementEnabled>
                             <RemoteEnabled>false</RemoteEnabled>
                          </Sensor>
                          <User>
                             <Name>NT AUTHORITY\SYSTEM</Name>
                          </User>
                          <Node>
                             <Name>ECLARKDT02</Name>
                             <Interface>
                                <Address>172.27.2.198</Address>
                                <MACAddress>00:0f:fe:4d:0e:bb</MACAddress>
                                <SubnetMask>255.255.255.0</SubnetMask>
                                <NetworkAddress>172.27.2.0</NetworkAddress>
                             </Interface>
                             <OSType>
                                <Platform>Windows</Platform>
                                <Family>NT</Family>
                                <Version>XP Professional</Version>
                             </OSType>
                             <GroupName>ABS</GroupName>
                             <NetBIOSName>ECLARKDT02</NetBIOSName>
                             <Comment>009071</Comment>
                             <AgentGUID>{B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382}</AgentGUID>
                             <IBacData>AUFCU1xlZ3VobGluAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0VDTEFSS0RUMDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC mFicy5jb20AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwESBQEAAwAAARwBBQAAAAAABRUAAACT42JIT WRJLoM9K0aY5QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</IBacDat a>
                          </Node>
                       </Analyzer>
                       <Event>
                          <DetectTime>2011-05-10T10:13:52.866-05:00</DetectTime>
                          <Classification>
                             <EventClassification>host.enforcement.local</EventClassification>
                          </Classification>
                          <Assessment>
                             <Action>Enforced</Action>
                             <EnforcementResult>
                                <ID>-1</ID>
                                <HealthLevel>3</HealthLevel>
                                <ZoneName>Allow Full Access</ZoneName>
                                <ErrorCode>0</ErrorCode>
                                <TriggeringScanTime>2011-05-10T10:13:46.835-05:00</TriggeringScanTime>
                             </EnforcementResult>
                          </Assessment>
                       </Event>
                    </EC-Event>

                    05-10-11 10:13:53,038 [6116] INFO Scanner.ServerCom <> - Sending scanner.enforcement to the server at https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:13:53,038 [6116] DEBUG Scanner.ServerCom <> - Connecting to https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:13:53,069 [6116] DEBUG Scanner.ServerCom <> - Sending post
                    05-10-11 10:13:53,116 [6116] INFO Scanner.ServerCom <> - The server returned HTTP status: 200
                    05-10-11 10:13:53,116 [6116] DEBUG Scanner.ServerCom <> -
                    05-10-11 10:13:53,116 [6116] DEBUG Scanner.ServerCom <> - Headers:
                    agentguid = B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382
                    content-length = 0
                    content-type =
                    date = Tue, 10 May 2011 15:13:53 GMT
                    default-health-level = 5
                    http/1.1 = OK
                    malicious-behavior = false
                    malicious-health-level = -1
                    mnac-is-shared-secret = <encrypted value>
                    mnac-is-shared-secret2 = <encrypted value>
                    mnac-is-udp-port = 58446
                    periodic-message-version = 1
                    server = Undefined
                    status = SCAN_SUCCESSFUL
                    transfer-encoding =

                    05-10-11 10:13:53,116 [6116] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:13:53,850 [5208] DEBUG Scanner.ScannerComm <> - writing message type 5 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:13:53,850 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:13:53,850 [5208] DEBUG Scanner.ScannerComm <> - writing message type 6 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:13:54,053 [5208] DEBUG Scanner.ScannerComm <> - writing message type 6 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:13:54,053 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:13:54,053 [5208] DEBUG Scanner.ScannerComm <> - writing message type 8 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:13:54,053 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:13:54,053 [5208] DEBUG Scanner.ScannerComm <> - writing message type 8 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:13:54,225 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 10:13:54,225 [4032] DEBUG Scanner <> - Registry re-loaded
                    05-10-11 10:13:54,257 [5208] DEBUG Scanner.ScannerComm <> - writing message type 8 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:13:54,257 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:17:23,242 [2536] DEBUG Scanner.ScanEngine <> - cmd: %ComSpec% param: Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
                    05-10-11 10:17:23,242 [2536] DEBUG Scanner.ScannerComm <> - Posting remediation results to all listeners
                    05-10-11 10:17:23,258 [5208] DEBUG Scanner.ScannerComm <> - writing message type 8 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:17:23,258 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:17:23,336 [5048] DEBUG Scanner.ScanEngine <> - ScanEngine::processScan()
                    05-10-11 10:17:23,555 [5048] ERROR Scanner.ScanEngine <> - Next scan time from Agent is Zero, Error: Scan task not found
                    05-10-11 10:17:23,570 [5048] WARN Scanner.ScanEngine <> - Next scan time from Agent is ZERO, setting 1 day offset as failsafe!
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - scan results detail: 1
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - min health level enabled: 1
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - min health level: 3
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - Creating ScanHost for scan
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - Calling NetServerGetInfo()
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - GetNativeSystemInfo present
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - major: 5 minor: 1
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - prodType: 1 procArch: 0
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - Successful... results: System Platform: Windows
                             Family: NT
                            Version: XP Professional
                       NetBIOS Name:
                        Domain Name:
                    Current User(s):

                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - Calling NetWkstaGetInfo()
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - Successful... results: System Platform: Windows
                             Family: NT
                            Version: XP Professional
                       NetBIOS Name: ECLARKDT02
                        Domain Name: ABS
                    Current User(s):

                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - Calling NetWkstaUserEnum()
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner <> - Successful... results: System Platform: Windows
                             Family: NT
                            Version: XP Professional
                       NetBIOS Name: ECLARKDT02
                        Domain Name: ABS
                    Current User(s): ABS\ECLARKDT02$, ABS\EGuhlin

                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - SHP[0]: name: ABS MNAC - VSE Policy description: This will check the VirusScan version, DAT version, McShield service and the Framework service.
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - localMessage: Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499. enabled: 1
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - # benchmarks: 1
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - shp->type: 0
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - benchmark[0]: guid: E612C82B-6ED4-4BA1-8C5B-24380FD47EDF profile:  enforcemode: 1
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine.PA <> - Creating scan...
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine.PA <> - Succesfully created scan
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine <> - PACreateScan scanid: 244
                    05-10-11 10:17:23,570 [5048] INFO Scanner.ScanEngine <> - **** Starting scan with PAStartScan...
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine.PA <> - Starting scan...
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:23,570 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,883 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,883 [5048] DEBUG Scanner.ScanEngine.PA <> - scan completed
                    05-10-11 10:17:25,883 [5048] INFO Scanner.ScanEngine <> - **** ...PAStartScan Completed
                    05-10-11 10:17:25,883 [5048] DEBUG Scanner.ScanEngine.PA <> - get scan results
                    05-10-11 10:17:25,898 [5048] DEBUG Scanner.ScanEngine.XML <> - ScanEngine results XML:
                    <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
                    <TestResult xmlns="http://checklists.nist.gov/xccdf/1.1" end-time="2011-05-10T15:17:25" id="notApplicable" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.xsd">
                       <benchmark href="ABS_Test" />
                       <target>ECLARKDT02.abs.com</target>
                       <target-facts>
                          <fact name="PAAuditEngineVersion" type="string">5.2.0</fact>
                          <fact name="system_info" type="string"><?xml version="1.0" encoding="UTF-16" standalone="no" ?><system_info xmlns="Microsoft" _mce_href="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><os_n ame>Microsoft">http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><o s_name>Microsoft Windows XP</os_name><os_version>5.1 build 2600</os_version><architecture>INTEL32</architecture><primary_host_name>ECLARKD T02.abs.com</primary_host_name><interfaces><interface><interface_name>Intel(R) 82566DM Gigabit Network Connection - Packet Scheduler Miniport</interface_name><ip_address>172.27.2.198</ip_address><mac_address>00-0 F-FE-4D-0E-BB</mac_address></interface></interfaces></system_info></fact>
                       </target-facts>
                       <rule-result idref="McAfeeVirusScanEnterpriseRealTimeDetectionEnabled" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4239" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4239" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMinimumProductVersion" role="full" severity="low">
                          <result>pass</result>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4237" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4237" result="true" version="18" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeAgentCheck" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:5062" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:5062" result="true" version="15" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeFrameworkServiceRunning" role="full" severity="medium">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4579" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4579" result="true" version="14" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge" role="full" severity="info">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge_1" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="_ABSScreensaverCheck" role="full" severity="low">
                          <result>fail</result>
                          <fix><cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:HOUVEPO02.abs.com:def:2011050409493702200" result="false" version="2">
                                   <criteria operator="AND" result="false">
                                      <criterion result="true" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3" />
                                      <criterion result="false" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2" />
                                   </criteria>
                                </definition>
                                <tests xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
                                   <test check="only one" check_existence="at_least_one_exists" result="true" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3">
                                      <tested_item item_id="3651" result="true" />
                                   </test>
                                   <test check="at least one" check_existence="at_least_one_exists" result="false" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2">
                                      <tested_item item_id="3652" result="not evaluated" />
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702208">HKEY_CURRENT_USER< /tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702209">Software\Policies\ Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:20110504094937022010">HKCU\Software\Pol icies\Microsoft\Windows\Control Panel\Desktop</tested_variable>
                                   </test>
                                </tests>
                                <collected_objects xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <object flag="complete" id="oval:HOUVEPO02.abs.com:obj:2011050409493702204" version="5">
                                      <reference item_ref="3651" />
                                   </object>
                                   <object flag="does not exist" id="oval:HOUVEPO02.abs.com:obj:2011050409493702205" version="4">
                                      <reference item_ref="3652" />
                                   </object>
                                </collected_objects>
                                <system_data xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <family_item id="3651" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
                                      <family>windows</family>
                                   </family_item>
                                   <registry_item id="3652" status="does not exist" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows">
                                      <hive status="does not exist">HKEY_CURRENT_USER</hive>
                                      <key status="does not exist">Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</key>
                                      <name status="does not exist">HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop</name>
                                   </registry_item>
                                </system_data>
                             </check-content>
                          </check>
                       </rule-result>
                       <score system="urn:xccdf:scoring:default">85.71429</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat">6</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat-unweighted">6</score>
                       <score maximum="1" system="urn:xccdf:scoring:absolute">0</score>
                    </TestResult>

                    05-10-11 10:17:25,914 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,914 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,914 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,914 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,930 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,945 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params>
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start mcshield || %comspec% /c net.exe continue mcshield
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMinimumProductVersion
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeAgentCheck
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,961 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params>
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %COMSPEC%
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - rparam: "P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeFrameworkServiceRunning
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - Severity: medium
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params>
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework
                    05-10-11 10:17:25,977 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine <> - Severity: info
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge_1
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:25,992 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: _ABSScreensaverCheck
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,008 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - Result: fail
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params>
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %ComSpec%
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - rparam: Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Freeing scan...
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - SHP[1]: name: ABS_Health_Policy description: ABS PC Health Policy
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - localMessage: Your PC is not compliant. enabled: 1
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - # benchmarks: 1
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - shp->type: 0
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - benchmark[0]: guid: E612C82B-6ED4-4BA1-8C5B-24380FD47EDF profile:  enforcemode: 2
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Creating scan...
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Succesfully created scan
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine <> - PACreateScan scanid: 245
                    05-10-11 10:17:26,023 [5048] INFO Scanner.ScanEngine <> - **** Starting scan with PAStartScan...
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Starting scan...
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:26,023 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,274 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,274 [5048] DEBUG Scanner.ScanEngine.PA <> - scan completed
                    05-10-11 10:17:28,274 [5048] INFO Scanner.ScanEngine <> - **** ...PAStartScan Completed
                    05-10-11 10:17:28,274 [5048] DEBUG Scanner.ScanEngine.PA <> - get scan results
                    05-10-11 10:17:28,289 [5048] DEBUG Scanner.ScanEngine.XML <> - ScanEngine results XML:
                    <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
                    <TestResult xmlns="http://checklists.nist.gov/xccdf/1.1" end-time="2011-05-10T15:17:28" id="notApplicable" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.xsd">
                       <benchmark href="ABS_Test" />
                       <target>ECLARKDT02.abs.com</target>
                       <target-facts>
                          <fact name="PAAuditEngineVersion" type="string">5.2.0</fact>
                          <fact name="system_info" type="string"><?xml version="1.0" encoding="UTF-16" standalone="no" ?><system_info xmlns="Microsoft" _mce_href="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><os_n ame>Microsoft">http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><o s_name>Microsoft Windows XP</os_name><os_version>5.1 build 2600</os_version><architecture>INTEL32</architecture><primary_host_name>ECLARKD T02.abs.com</primary_host_name><interfaces><interface><interface_name>Intel(R) 82566DM Gigabit Network Connection - Packet Scheduler Miniport</interface_name><ip_address>172.27.2.198</ip_address><mac_address>00-0 F-FE-4D-0E-BB</mac_address></interface></interfaces></system_info></fact>
                       </target-facts>
                       <rule-result idref="McAfeeVirusScanEnterpriseRealTimeDetectionEnabled" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4239" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4239" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMinimumProductVersion" role="full" severity="low">
                          <result>pass</result>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4237" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4237" result="true" version="18" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeAgentCheck" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:5062" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:5062" result="true" version="15" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeFrameworkServiceRunning" role="full" severity="medium">
                          <result>pass</result>
                          <fix><cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:4579" result="true" version="18">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:4579" result="true" version="14" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge" role="full" severity="info">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="McAfeeVirusScanEnterpriseMaximumDATAge_1" role="full" severity="low">
                          <result>pass</result>
                          <fix><cmd>$MAUPDATENOW</cmd></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:com.mcafee.oval.common:def:50760" result="true" version="20">
                                   <criteria operator="AND" result="true">
                                      <extend_definition definition_ref="oval:com.mcafee.oval:def:50760" result="true" version="19" />
                                      <criteria operator="OR" result="true">
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61443" result="true" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61441" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61496" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61500" result="false" version="5" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:60942" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61437" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61442" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61440" result="false" version="7" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61002" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61438" result="false" version="8" />
                                         <extend_definition definition_ref="oval:com.mcafee.oval:def:61439" result="false" version="9" />
                                      </criteria>
                                   </criteria>
                                </definition>
                             </check-content>
                          </check>
                       </rule-result>
                       <rule-result idref="_ABSScreensaverCheck" role="full" severity="low">
                          <result>fail</result>
                          <fix><cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params></fix>
                          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
                             <check-content>
                                <definition xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" definition_id="oval:HOUVEPO02.abs.com:def:2011050409493702200" result="false" version="2">
                                   <criteria operator="AND" result="false">
                                      <criterion result="true" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3" />
                                      <criterion result="false" test_ref="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2" />
                                   </criteria>
                                </definition>
                                <tests xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
                                   <test check="only one" check_existence="at_least_one_exists" result="true" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702202" variable_instance="0" version="3">
                                      <tested_item item_id="3679" result="true" />
                                   </test>
                                   <test check="at least one" check_existence="at_least_one_exists" result="false" test_id="oval:HOUVEPO02.abs.com:tst:2011050409493702203" variable_instance="0" version="2">
                                      <tested_item item_id="3680" result="not evaluated" />
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702208">HKEY_CURRENT_USER< /tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:2011050409493702209">Software\Policies\ Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</tested_variable>
                                      <tested_variable variable_id="oval:HOUVEPO02.abs.com:var:20110504094937022010">HKCU\Software\Pol icies\Microsoft\Windows\Control Panel\Desktop</tested_variable>
                                   </test>
                                </tests>
                                <collected_objects xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <object flag="complete" id="oval:HOUVEPO02.abs.com:obj:2011050409493702204" version="5">
                                      <reference item_ref="3679" />
                                   </object>
                                   <object flag="does not exist" id="oval:HOUVEPO02.abs.com:obj:2011050409493702205" version="4">
                                      <reference item_ref="3680" />
                                   </object>
                                </collected_objects>
                                <system_data xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
                                   <family_item id="3679" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
                                      <family>windows</family>
                                   </family_item>
                                   <registry_item id="3680" status="does not exist" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows">
                                      <hive status="does not exist">HKEY_CURRENT_USER</hive>
                                      <key status="does not exist">Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE</key>
                                      <name status="does not exist">HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop</name>
                                   </registry_item>
                                </system_data>
                             </check-content>
                          </check>
                       </rule-result>
                       <score system="urn:xccdf:scoring:default">85.71429</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat">6</score>
                       <score maximum="7" system="urn:xccdf:scoring:flat-unweighted">6</score>
                       <score maximum="1" system="urn:xccdf:scoring:absolute">0</score>
                    </TestResult>

                    05-10-11 10:17:28,320 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,320 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,320 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,320 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,336 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start mcshield || %comspec% /c net.exe continue mcshield</params>
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start mcshield || %comspec% /c net.exe continue mcshield
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMinimumProductVersion
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeAgentCheck
                    05-10-11 10:17:28,352 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%COMSPEC%</cmd><params>"P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall</params>
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %COMSPEC%
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine <> - rparam: "P:\PC_Scan\vse.856\FramePKG.exe" /install=agent /forceinstall
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeFrameworkServiceRunning
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,367 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine <> - Severity: medium
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%comspec%</cmd><params>/c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework</params>
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %comspec%
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine <> - rparam: /c net.exe start McAfeeFramework|| %comspec% /c net.exe continue McAfeeFramework
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,383 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,399 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - Severity: info
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: McAfeeVirusScanEnterpriseMaximumDATAge_1
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - Result: pass
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>$MAUPDATENOW</cmd>
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - rcmd: $MAUPDATENOW
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine <> - Rule Name: _ABSScreensaverCheck
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,414 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetRuleDetails
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - Severity: low
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - Result: fail
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params>
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %ComSpec%
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - rparam: Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - Remediation is disabled, ignoring command: %ComSpec%
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - in PAGetBenchMarkDetails
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Abt to send msg
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Sending message: write worked
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Agent has responded
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine.PA <> - Freeing scan...
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - completed remed set, count is: 1
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - remediations match, stopping processing
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - remediation complete called: 0
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - NAPSHA_remediation called, rpending: 0
                    05-10-11 10:17:28,430 [5048] DEBUG Scanner.ScanEngine <> - results: Scan Results--
                    Id:                -1
                    Health Level:      3
                    Scan Status:       SCAN_SUCCESSFUL
                    Next Scan:         2011-05-11T10:17:23.000-05:00
                    Enforce Mode:      Enforce
                    Policy Version:    1304638057
                    Failed SHP Names:  ABS MNAC - VSE Policy,ABS_Health_Policy
                    Applied SHP Names: ABS MNAC - VSE Policy,ABS_Health_Policy
                    Error code:        0
                    Event Time:        2011-05-10T10:17:23.336-05:00
                    --------------  Benchmark  -----------
                    Benchmark:         0
                    Title:             ABS_Test
                    Profile:          
                    Version:           E612C82B-6ED4-4BA1-8C5B-24380FD47EDF
                    Enforce Mode:      Enforce
                    Failed Rule Names: _ABSScreensaverCheck
                    Health Level:      3
                    RuntimeDelta:      0
                    Error Code:        0
                    ==============     Rule    ===========
                    Rule:              0
                    Name:              McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              1
                    Name:              McAfeeVirusScanEnterpriseMinimumProductVersion
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              2
                    Name:              McAfeeAgentCheck
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              3
                    Name:              McAfeeFrameworkServiceRunning
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              4
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              5
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge_1
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              6
                    Name:              _ABSScreensaverCheck
                    Health Level:      3
                    Result:            fail
                    Message:           Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499.
                    --------------  Benchmark  -----------
                    Benchmark:         1
                    Title:             ABS_Test
                    Profile:          
                    Version:           E612C82B-6ED4-4BA1-8C5B-24380FD47EDF
                    Enforce Mode:      Audit
                    Failed Rule Names: _ABSScreensaverCheck
                    Health Level:      3
                    RuntimeDelta:      0
                    Error Code:        0
                    ==============     Rule    ===========
                    Rule:              0
                    Name:              McAfeeVirusScanEnterpriseRealTimeDetectionEnabled
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              1
                    Name:              McAfeeVirusScanEnterpriseMinimumProductVersion
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              2
                    Name:              McAfeeAgentCheck
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              3
                    Name:              McAfeeFrameworkServiceRunning
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              4
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              5
                    Name:              McAfeeVirusScanEnterpriseMaximumDATAge_1
                    Health Level:      1
                    Result:            pass
                    Message:          
                    ==============     Rule    ===========
                    Rule:              6
                    Name:              _ABSScreensaverCheck
                    Health Level:      3
                    Result:            fail
                    Message:           Your PC is not compliant.

                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm <> - Posting scan results to all listeners
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - zone name: Allow Full Access
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - MSNAPEnabled: 0
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - enforceNapHealth called, healthLevel: 1
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - Nap settings unchanged, not notifying SOH change
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - zone name: Allow Full Access
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - rule[0]: *
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - Wildcard whitelist rule found, not doing enforcement
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm.Enforcement <> - Disabling Firewall
                    05-10-11 10:17:28,445 [5048] DEBUG Scanner.ScannerComm <> - Posting enforcement data to all listeners
                    05-10-11 10:17:28,445 [6116] DEBUG Scanner.ServerCom <> - Preparing to send XML data:
                    <?xml version="1.0" encoding="UTF-8" ?>
                    <EC-Event xmlns="http://www.nai.com/ec">
                       <CreateTime>2011-05-10T10:17:28.445-05:00</CreateTime>
                       <Analyzer>
                          <Sensor>
                             <Name>McAfee Network Access Control Client</Name>
                             <ProductVersion>3.2.0.835</ProductVersion>
                             <ProductFamily>EC</ProductFamily>
                             <Type>scanner</Type>
                             <AgentAvailable>true</AgentAvailable>
                             <EnforcementEnabled>self</EnforcementEnabled>
                             <RemoteEnabled>false</RemoteEnabled>
                          </Sensor>
                          <User>
                             <Name>NT AUTHORITY\SYSTEM</Name>
                          </User>
                          <Node>
                             <Name>ECLARKDT02</Name>
                             <Interface>
                                <Address>172.27.2.198</Address>
                                <MACAddress>00:0f:fe:4d:0e:bb</MACAddress>
                                <SubnetMask>255.255.255.0</SubnetMask>
                                <NetworkAddress>172.27.2.0</NetworkAddress>
                             </Interface>
                             <OSType>
                                <Platform>Windows</Platform>
                                <Family>NT</Family>
                                <Version>XP Professional</Version>
                             </OSType>
                             <GroupName>ABS</GroupName>
                             <NetBIOSName>ECLARKDT02</NetBIOSName>
                             <Comment>009071</Comment>
                             <AgentGUID>{B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382}</AgentGUID>
                             <IBacData>AUFCU1xlZ3VobGluAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0VDTEFSS0RUMDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC mFicy5jb20AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwESBQEAAwAAARwBBQAAAAAABRUAAACT42JIT WRJLoM9K0aY5QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</IBacDat a>
                          </Node>
                       </Analyzer>
                       <Event>
                          <DetectTime>2011-05-10T10:17:23.336-05:00</DetectTime>
                          <Classification>
                             <EventClassification>scanner.results</EventClassification>
                          </Classification>
                          <Assessment>
                             <ScanResult>
                                <ID>-1</ID>
                                <HealthLevel>3</HealthLevel>
                                <ScanStatus>SCAN_SUCCESSFUL</ScanStatus>
                                <NextScanTime>2011-05-11T10:17:23.000-05:00</NextScanTime>
                                <EnforceMode>Enforce</EnforceMode>
                                <EnforceHealthLevel>3</EnforceHealthLevel>
                                <PolicyVersion>1304638057</PolicyVersion>
                                <PolicyType>MANAGED</PolicyType>
                                <ContentVersion>GW3hQDmMoGnI2yNnSbG0/5gEE0U=</ContentVersion>
                                <FailedBenchmarks>ABS_Test,ABS_Test</FailedBenchmarks>
                                <FailedSHPNames>ABS MNAC - VSE Policy,ABS_Health_Policy</FailedSHPNames>
                                <AppliedSHPNames>ABS MNAC - VSE Policy,ABS_Health_Policy</AppliedSHPNames>
                                <ErrorCode>0</ErrorCode>
                                <BenchmarkResults>
                                   <Title>ABS_Test</Title>
                                   <Profile />
                                   <VersionGUID>E612C82B-6ED4-4BA1-8C5B-24380FD47EDF</VersionGUID>
                                   <EnforceMode>Enforce</EnforceMode>
                                   <FailedRuleNames>_ABSScreensaverCheck</FailedRuleNames>
                                   <AppliedHealthLevel>3</AppliedHealthLevel>
                                   <ErrorCode>0</ErrorCode>
                                   <RuntimeDelta>0</RuntimeDelta>
                                   <RuleResults>
                                      <Name>_ABSScreensaverCheck</Name>
                                      <AppliedHealthLevel>3</AppliedHealthLevel>
                                      <Result>fail</Result>
                                      <Message>
                                         <![CDATA[
                    Your VirusScan Enterprise is out of compliance. McAfee will attempt to automatically remediate the compliance issue[s]. Please ensure that you have network connectivity.  If you have any questions or need assistance, please contact the Customer Service Center at 1-281-877-6499.
                    ]]>
                                      </Message>
                                   </RuleResults>
                                </BenchmarkResults>
                                <BenchmarkResults>
                                   <Title>ABS_Test</Title>
                                   <Profile />
                                   <VersionGUID>E612C82B-6ED4-4BA1-8C5B-24380FD47EDF</VersionGUID>
                                   <EnforceMode>Audit</EnforceMode>
                                   <FailedRuleNames>_ABSScreensaverCheck</FailedRuleNames>
                                   <AppliedHealthLevel>3</AppliedHealthLevel>
                                   <ErrorCode>0</ErrorCode>
                                   <RuntimeDelta>0</RuntimeDelta>
                                   <RuleResults>
                                      <Name>_ABSScreensaverCheck</Name>
                                      <AppliedHealthLevel>3</AppliedHealthLevel>
                                      <Result>fail</Result>
                                      <Message>
                                         <![CDATA[
                    Your PC is not compliant.
                    ]]>
                                      </Message>
                                   </RuleResults>
                                </BenchmarkResults>
                             </ScanResult>
                             <Action>None</Action>
                          </Assessment>
                       </Event>
                    </EC-Event>

                    05-10-11 10:17:28,461 [6116] INFO Scanner.ServerCom <> - Sending scanner.results to the server at https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:17:28,461 [6116] DEBUG Scanner.ServerCom <> - Connecting to https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:17:28,492 [6116] DEBUG Scanner.ServerCom <> - Sending post
                    05-10-11 10:17:28,539 [6116] INFO Scanner.ServerCom <> - The server returned HTTP status: 200
                    05-10-11 10:17:28,539 [6116] DEBUG Scanner.ServerCom <> -
                    05-10-11 10:17:28,539 [6116] DEBUG Scanner.ServerCom <> - Headers:
                    agentguid = B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382
                    content-length = 0
                    content-type =
                    date = Tue, 10 May 2011 15:17:28 GMT
                    default-health-level = 5
                    http/1.1 = OK
                    malicious-behavior = false
                    malicious-health-level = -1
                    mnac-is-shared-secret = <encrypted value>
                    mnac-is-shared-secret2 = <encrypted value>
                    mnac-is-udp-port = 58446
                    needs-new-content = false
                    needs-new-policy = false
                    periodic-message-version = 1
                    server = Undefined
                    status = SCAN_SUCCESSFUL
                    transfer-encoding =

                    05-10-11 10:17:28,539 [6116] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:17:28,555 [4032] DEBUG Scanner <> - Registry change detected - pausing for changes
                    05-10-11 10:17:28,555 [6116] DEBUG Scanner.ServerCom <> - Preparing to send XML data:
                    <?xml version="1.0" encoding="UTF-8" ?>
                    <EC-Event xmlns="http://www.nai.com/ec">
                       <CreateTime>2011-05-10T10:17:28.555-05:00</CreateTime>
                       <Analyzer>
                          <Sensor>
                             <Name>McAfee Network Access Control Client</Name>
                             <ProductVersion>3.2.0.835</ProductVersion>
                             <ProductFamily>EC</ProductFamily>
                             <Type>scanner</Type>
                             <AgentAvailable>true</AgentAvailable>
                             <EnforcementEnabled>self</EnforcementEnabled>
                             <RemoteEnabled>false</RemoteEnabled>
                          </Sensor>
                          <User>
                             <Name>NT AUTHORITY\SYSTEM</Name>
                          </User>
                          <Node>
                             <Name>ECLARKDT02</Name>
                             <Interface>
                                <Address>172.27.2.198</Address>
                                <MACAddress>00:0f:fe:4d:0e:bb</MACAddress>
                                <SubnetMask>255.255.255.0</SubnetMask>
                                <NetworkAddress>172.27.2.0</NetworkAddress>
                             </Interface>
                             <OSType>
                                <Platform>Windows</Platform>
                                <Family>NT</Family>
                                <Version>XP Professional</Version>
                             </OSType>
                             <GroupName>ABS</GroupName>
                             <NetBIOSName>ECLARKDT02</NetBIOSName>
                             <Comment>009071</Comment>
                             <AgentGUID>{B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382}</AgentGUID>
                             <IBacData>AUFCU1xlZ3VobGluAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0VDTEFSS0RUMDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC mFicy5jb20AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwESBQEAAwAAARwBBQAAAAAABRUAAACT42JIT WRJLoM9K0aY5QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==</IBacDat a>
                          </Node>
                       </Analyzer>
                       <Event>
                          <DetectTime>2011-05-10T10:17:28.445-05:00</DetectTime>
                          <Classification>
                             <EventClassification>host.enforcement.local</EventClassification>
                          </Classification>
                          <Assessment>
                             <Action>Enforced</Action>
                             <EnforcementResult>
                                <ID>-1</ID>
                                <HealthLevel>3</HealthLevel>
                                <ZoneName>Allow Full Access</ZoneName>
                                <ErrorCode>0</ErrorCode>
                                <TriggeringScanTime>2011-05-10T10:17:23.336-05:00</TriggeringScanTime>
                             </EnforcementResult>
                          </Assessment>
                       </Event>
                    </EC-Event>

                    05-10-11 10:17:28,555 [6116] INFO Scanner.ServerCom <> - Sending scanner.enforcement to the server at https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:17:28,555 [6116] DEBUG Scanner.ServerCom <> - Connecting to https://SERVER.company.com:8444/nac/engine
                    05-10-11 10:17:28,586 [6116] DEBUG Scanner.ServerCom <> - Sending post
                    05-10-11 10:17:28,633 [6116] INFO Scanner.ServerCom <> - The server returned HTTP status: 200
                    05-10-11 10:17:28,633 [6116] DEBUG Scanner.ServerCom <> -
                    05-10-11 10:17:28,633 [6116] DEBUG Scanner.ServerCom <> - Headers:
                    agentguid = B7E557A2-8B2D-4D6A-ADD2-EE9D2192A382
                    content-length = 0
                    content-type =
                    date = Tue, 10 May 2011 15:17:28 GMT
                    default-health-level = 5
                    http/1.1 = OK
                    malicious-behavior = false
                    malicious-health-level = -1
                    mnac-is-shared-secret = <encrypted value>
                    mnac-is-shared-secret2 = <encrypted value>
                    mnac-is-udp-port = 58446
                    periodic-message-version = 1
                    server = Undefined
                    status = SCAN_SUCCESSFUL
                    transfer-encoding =

                    05-10-11 10:17:28,633 [6116] DEBUG Scanner.ServerCom <> - Using keys from memory
                    05-10-11 10:17:29,258 [5208] DEBUG Scanner.ScannerComm <> - writing message type 5 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:17:29,258 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:17:29,258 [5208] DEBUG Scanner.ScannerComm <> - writing message type 6 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:17:29,461 [5208] DEBUG Scanner.ScannerComm <> - writing message type 6 to: \\.\pipe\MNACScannerClient_14a0-4dc17088-1
                    05-10-11 10:17:29,461 [5208] DEBUG Scanner.ScannerComm <> - message sent
                    05-10-11 10:17:29,758 [4032] DEBUG Scanner <> - Locking registry access
                    05-10-11 10:17:29,758 [4032] DEBUG Scanner <> - Registry re-loaded

                    • 7. Re: MNAC Remediation Commands Not Functioning
                      mmoore3

                      05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - Result: fail

                      05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - fix: <cmd>%ComSpec%</cmd><params>Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f</params>

                      05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - rcmd: %ComSpec%

                      05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - rparam: Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f

                      05-10-11 10:13:52,866 [5048] DEBUG Scanner.ScanEngine <> - Remediation is disabled, ignoring command: %ComSpec%

                      • 8. Re: MNAC Remediation Commands Not Functioning
                        eguhlin

                        According to what I am seeing in my configuration, it is not matching the logs.  Am I missing it somewhere else?

                         

                        mNAC.jpg

                        • 9. Re: MNAC Remediation Commands Not Functioning
                          mmoore3

                          There are 3 spots to configure auto remediation. You have 2 listed above.

                           

                          What is the status of the _ABSScreensaverCheck rule in the ABS_Test benchmark?