we have small problem, as part or our minimum security base line , in all our windows server Remote registry is disabled and we run the MVM scan the results that it was unable to find any thing and was partially access to the system.
some one can share his exprince how he mange this systems.
When 7.5.2 is released there will be an option to dynamically enable Remote Registry during a Windows Scan. This will be configurable via an Engine Tweak.
7.5.2 should be coming out very soon... then you can search the KB for "Dynamically enable Remote Registry" for the specific tweak I'm talking about.
I hope that helps!
Thanks for your help, and will be waiting for 7.5.2 since iam getting big problem with scanning our DMZ servers every time we have to ask the admin to Start the service and disable after scan is done.
7.5.2 went out yesterday.
Here's the KB I was telling you about KB77852 ... actually it's not published yet. So here are the details:
With version 7.5.2 a registry tweak is available that will remotely enable the service for the purpose of scanning, and will disable (or set the service back to it's original state) at the end of the scan.
* [HKEY_LOCAL_MACHINE]\SOFTWARE\Foundstone\Foundscan\Tweaks] (for 32-bit host) or
* [HKEY_LOCAL_MACHINE]\SOFTWARE\Wow6432Node\Foundstone\Foundscan\Tweaks] (for 64-bit host)
** if the key "Tweaks" doesn't exist, create it. **
3. Create or modify the following tweak to the key:
* Valuename: WHAM - DynamicallyEnableRemoteRegistry
* Valuetype: DWORD
* Value: 1 (enabled))
4. Restart the FSScanEngineSvc service for the tweak to take effect.
I haven't actually tried it out yet, but it got quite a bit of QA ... so if you get results (good or bad) post here ok?
Message was edited by: cgrim I had the wrong registry hive on 4/5/13 5:10:29 PM CDT
The Tweak works fine. I had the same Problem - Remoteregistry Service on Win7 Clients was stopped and and set to manual start.
The Tweak started the service and stopped them after the scan.
the Feature has been added in the MVM 7.5 patch5.
thanks to MVM team.