Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1741 Views 5 Replies Latest reply: Nov 5, 2013 2:54 PM by devilson911 RSS
devilson911 Newcomer 78 posts since
May 28, 2007
Currently Being Moderated

Mar 26, 2013 10:50 AM

Remote Registry for windows Disabled-MVM scan canot run

Hi,

 

we have small problem, as part or our minimum security base line , in all our windows server Remote registry is disabled and we run the MVM scan the results that it was unable to find any thing and was partially access to the system.

 

some one can share his exprince how he mange this systems.

 

Thanks.

  • Community Leader 479 posts since
    Nov 3, 2009

    Hi D-911,

     

    When 7.5.2 is released there will be an option to dynamically enable Remote Registry during a Windows Scan.  This will be configurable via an Engine Tweak.

     

    7.5.2 should be coming out very soon...  then you can search the KB for "Dynamically enable Remote Registry" for the specific tweak I'm talking about.

     

    I hope that helps!
    Cathy

  • Community Leader 479 posts since
    Nov 3, 2009

    Hi D,

     

    7.5.2 went out yesterday.

     

    Here's the KB I was telling you about   KB77852 ... actually it's not published yet.  So here are the details:

     

    With version 7.5.2 a registry tweak is available that will remotely enable the service for the purpose of scanning, and will disable (or set the service back to it's original state) at the end of the scan.

    1. Open the registry editor on the scan engine. Click Start, Run, type regedit and click OK.
    2. Navigate to:

       * [HKEY_LOCAL_MACHINE]\SOFTWARE\Foundstone\Foundscan\Tweaks] (for 32-bit host) or

        * [HKEY_LOCAL_MACHINE]\SOFTWARE\Wow6432Node\Foundstone\Foundscan\Tweaks]  (for 64-bit host)

        ** if the key "Tweaks" doesn't exist, create it. **

     

      3. Create or modify the following tweak to the key:

        * Valuename:  WHAM - DynamicallyEnableRemoteRegistry
        * Valuetype: DWORD
        * Value: (enabled)) 

     

      4.  Restart the FSScanEngineSvc service for the tweak to take effect.

     

    I haven't actually tried it out yet, but it got quite a bit of QA ... so if you get results (good or bad) post here ok?

     

    Thanks!
    Cathy

     

    Message was edited by: cgrim I had the wrong registry hive on 4/5/13 5:10:29 PM CDT
  • marc Newcomer 17 posts since
    May 2, 2010

    Hi ´╗┐Cathy,

     

    greate tip.

     

    The Tweak works fine. I had the same Problem - Remoteregistry Service on Win7 Clients was stopped and and set to manual start.

    The Tweak started the service and stopped them after the scan.

     

    Many Thanks

     

    Marc

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points