Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-27-2018 08:18 AM Edited on ‎10-27-2023 05:37 AM By Community Manager

Article Id 194533

Technical Tip: Registry-Keys Custom Scan Fails

Description

 
This article discusses Registry-Keys Custom Scan Fails.
 
Scope
 
FortiNAC.


Solution

 

Issue: Scan is failing because a Registry-Keys Custom Scan is failing. 

To determine why the scan is failing it is possible to select over the failing Scan and a new window will pop up with the list of failing tests:

 

fails.PNG  customi.PNG
  • Navigate to Policy > Policy Configuration
  • Select Endpoint Compliance
  • Select the applicable endpoint compliance configuration associated with the matching endpoint compliance policy.
  • Select the pencil icon to view the scan configuration.
  • From the Category drop-down, select Custom.
  • Select the applicable scan.
matchi.PNG

The full path of Regedit in this example is: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and it can be configured while choosing the drop down in Hive [HKEY_LOCAL_MACHINE] and than fill the Key Name starting with SYSTEM\

On the affected host itself, bring up Regedit and navigate to the location of the specified Key. 

 

windows.PNG

Solution: Change Key value in scan to match the key value in host (if host is indeed using the correct intended key). The scan now will succeed.

In case when debug is needed, enabling the following debug from FNAC CLI may show more details of what is seen in GUI:

 

> nacdebug -name AgentServer true
> logs
> tf output.nessus

yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport checkState = true
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() epcConfig - 1
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Anti-Virus :: Microsoft Windows Defender
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Anti-Virus :: Microsoft Windows Defender Engine Updates
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Anti-Virus :: Microsoft Windows Defender Signatures
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Anti-Virus :: Windows Defender Real-time Protection Check
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Anti-Virus :: Fortinet - FortiClient
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Windows 10 x64
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Windows 10 x64 Version
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Windows 10 x64 Edition
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Windows 10 x64 Critical and Security Updates
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Windows 10 x64 Network Bridges
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Trigger SCCM Evaluation
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Operating-System :: Windows 10 x64 AutoUpdates Label
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Custom::Mos e hap paint-in
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Custom::Mbaj hapur notepad-in
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() pass - Custom::Domain in Adapter
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() passedPolicy - true
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() webIPAddress - 10.1.3.11
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() uid - 9EE5AJSEBK55A5WM
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: userID after decoding = gimi
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() policy - f-Corporate-Scan
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() hw_name - win10-ffm
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport() os - Windows 10 Pro 6.3 22H2 10.0.19045.3570
yams.AgentServer FINER :: 2023-10-27 14:20:51:736 :: #37 :: addScanReport(): userID = gimi

Labels:
324
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.