Mcafee Pacc 600 Product Guide en-us


  • 8/12/2019 Mcafee Pacc 600 Product Guide en-us


    McAfee Policy Auditor Content Creator 6.0.0 Product Guide


    COPYRIGHT

    Copyright 2011 McAfee, Inc. All Rights Reserved.

    No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

    TRADEMARK ATTRIBUTIONS

    AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTALPROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

    LICENSE INFORMATION

    License Agreement

    NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


    Contents

    Introducing McAfee Policy Auditor Content Creator
        Audience
        Conventions
        Finding product documentation

    Installing McAfee Policy Auditor Content Creator
        Things to know before installation
        Software and hardware requirements and recommendations
        Standalone installation options
        Install McAfee Policy Auditor Content Creator
            Install standalone version of software
            Install as a deployable package in the Master Repository

    Managing templates, benchmarks, groups, and checks
        Create benchmarks
        Create benchmark templates
        Create groups
        Export benchmarks
        Export checks
        Create a benchmark from a template

    Creating a benchmark
        Planning your benchmark
        The file permission browser and how it works
        Create a Windows File Permission check


    Introducing McAfee Policy Auditor Content Creator

    McAfee Policy Auditor Content Creator is designed to supplement the McAfee-supplied benchmarks and checks with auditing rules that are specific to your organization. With its simplified user interface, this tool can be used to create supplemental benchmarks and checks without any knowledge of XCCDF or OVAL. You can export the benchmark or checks in XCCDF or OVAL format and then import them into the McAfee Benchmark Editor or check editor for use in audits.

    Contents

    Audience

    Conventions

    Finding product documentation

    Audience

    McAfee Policy Auditor Content Creator documentation is carefully researched and written for the target audience.

    The information in this guide is intended primarily for:

        Administrators: People who implement and enforce the company's security program.
        Users: People who are responsible for configuring the product options on their system, or for updating the product on their systems.

    Conventions

    This guide uses the following typographical conventions.

        Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
        Bold: Text that is strongly emphasized.
        User input or Path: Commands and other text that the user types; the path of a folder or program.
        Code: A code sample.
        User interface: Words in the user interface including options, menus, buttons, and dialog boxes.
        Hypertext blue: A live link to a topic or to a website.
        Note: Additional information, like an alternate method of accessing an option.
        Tip: Suggestions and recommendations.
        Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
        Warning: Critical advice to prevent bodily harm when using a hardware product.

    Finding product documentation

    McAfee provides the information you need during each phase of product implementation, from installing to using and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

    1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

    2 Under Self Service, access the type of information you need:

        To access User Documentation, do this:
            1 Click Product Documentation.
            2 Select a Product, then select a Version.
            3 Select a product document.

        To access the KnowledgeBase, do this:
            Click Search the KnowledgeBase for answers to your product questions.
            Click Browse the KnowledgeBase for articles listed by product and version.


    Installing McAfee Policy Auditor Content Creator

    You can install McAfee Policy Auditor Content Creator as standalone software on supported Windows systems or as a deployable package in the Master Repository of ePolicy Orchestrator software version 4.5 or 4.6.

    Contents

    Things to know before installation

    Software and hardware requirements and recommendations

    Standalone installation options

    Install McAfee Policy Auditor Content Creator

    Things to know before installation

    Be sure that you have read, understood, and complied with the requirements detailed in Software and hardware requirements before you begin the installation.

    You should have the following information available during the installation:

        Windows authentication credentials: You must provide credentials for a domain administrator user account.
        A destination folder for the software installation (required for Custom installations).

    Software and hardware requirements and recommendations

    McAfee Policy Auditor Content Creator runs on supported Windows operating systems that meet the software and hardware requirements.

    Supported Windows operating systems

    The standalone installation of McAfee Policy Auditor Content Creator supports the following operating systems:

        Operating system                               X86 support   X64 support
        Windows 2000                                   X
        Windows 7                                      X             X
        Windows Server 2003 Enterprise Edition         X             X
        Windows Server 2003 R2 Enterprise Edition      X             X
        Windows Server 2003 R2 Standard Edition        X             X
        Windows Server 2003 Standard Edition           X             X
        Windows Server 2003 Web Edition                X             X
        Windows Server 2008                            X             X
        Windows Vista                                  X             X
        Windows XP Home                                X             X
        Windows XP Professional                        X             X

    Hardware and network requirements for Windows systems

    These are the minimum requirements for McAfee Policy Auditor Content Creator support on Windows systems:

        Component: Requirements
        Processor: Intel Pentium-class, Celeron, or compatible processor; 166 MHz processor or higher.
        Free disk space for agent plug-in (optional): 300 MB.
        Free disk space for other McAfee components: Sufficient disk space on client computers for each McAfee product that has been installed. For more information, see the corresponding product documentation.
        Free memory: 20 MB RAM.
        Network environment: Microsoft or Novell NetWare networks. NetWare networks require TCP/IP.
        Network interface card (NIC): 10 Mbps or higher.

    Software requirements and recommendations

    Make sure you have the required and recommended software installed on your server system before installing McAfee Policy Auditor Content Creator.

        Software: Requirements and recommendations
        Microsoft updates: Recommended. Make sure your Microsoft software is running the latest updates.

    Standalone installation options

    There are two options for the standalone installation of McAfee Policy Auditor Content Creator on supported Windows systems. Each option walks you through the installation process using the InstallShield Wizard.

    Use the following table to determine which option is right for your environment.

        Installation option: Details
        Express: The most direct installation path. Use this option if you want to accept McAfee's default installation settings.
        Custom: Customize your installation. Use this option when you want to specify the destination folder where the software is installed (C:\Program Files\McAfee\Policy Auditor Content Creator by default).

    Install McAfee Policy Auditor Content Creator

    Install McAfee Policy Auditor Content Creator as standalone software on supported Windows systems or as a deployable package in the Master Repository.

    Tasks

    Install standalone version of software

    Install as a deployable package in the Master Repository

    Install standalone version of software

    You can install a standalone version of McAfee Policy Auditor Content Creator by downloading the software and running the InstallShield Wizard.

    Before you begin

    You must have local administrator account permissions to install the software.

    Task

    For option definitions, click ? in the interface.

    1 Log on to the desired system using an account with local administrator permissions.

    2 Download the product zip file from the McAfee download site and unzip the file to a convenient location.

    3 Double-click PACCSetup.exe. The InstallShield Wizard opens.

    4 In the Welcome window of the installation wizard, click Next.

    5 Accept the License Agreement, then click Next.

    6 Choose whether you want an Express or a Custom installation, then click Next.

        Express: Accept the default installation folder.
        Custom: Specify a custom destination location for the software. When the Change Current Destination Folder window opens, browse to your desired destination and create any new folders if needed. When finished, click OK.

    7 In the Ready to Install the Program dialog box, click Install to begin the installation.

    8 In the InstallShield Wizard Completed dialog box, click Finish to complete the installation.

    Install as a deployable package in the Master Repository

    You can install the software as a deployable package in the Master Repository on ePolicy Orchestrator software version 4.5 or 4.6 systems.

    After you have checked in the package, you can deploy it to a managed endpoint system. The endpoint system does not have to have the McAfee Policy Auditor agent plug-in installed on it.

    See the ePolicy Orchestrator software documentation for information on deploying the software package to a managed system using the Product Deployment Task.

    Task

    For option definitions, click ? in the interface.

    1 Download the product zip file from the McAfee download site.

    2 Click Menu | Software | Master Repository, then click Actions | Check in Package. The Check in Package wizard opens.

    3 Select the Product or Update (.ZIP) package type, then browse to and select the desired package file.

        Package info: Confirm this is the correct package.
        Branch: Select the desired branch. If there are requirements in your environment to test new packages before deploying them throughout the production environment, McAfee recommends using the Evaluation branch whenever checking in packages. Once you finish testing the packages, you can move them to the Current branch by clicking Menu | Software | Master Repository.
        Options: Select whether to:
            Move the existing package to the Previous branch: When selected, moves packages in the master repository from the Current branch to the Previous branch when a newer package of the same type is checked in. Available only when you select Current in Branch.
        Package signing: Specifies if the package is signed by McAfee or is a third-party package.

    4 Click Save to begin checking in the package, then wait while the package is checked in.

    The McAfee Policy Auditor Content Creator software appears in the Packages in Master Repository list on the Master Repository tab.


    Managing templates, benchmarks, groups, and checks

    You can quickly create benchmarks that contain groups, subgroups, and rules. You can use the software without having to learn the Extensible Configuration Checklist Description Format (XCCDF) or Open Vulnerability and Assessment Language (OVAL) languages.

    Contents

    Create benchmarks

    Create benchmark templates

    Create groups

    Export benchmarks

    Export checks

    Create a benchmark from a template

    Create benchmarks

    You can create benchmarks in McAfee Policy Auditor Content Creator for use in audits.

    Benchmarks are documents containing an organized set of rules describing the desired state of a system. A benchmark is the core component of an audit and can be used by McAfee Policy Auditor as well as other McAfee and third-party products.

    This task describes how to create an empty benchmark. See Creating a benchmark to learn the principles of creating a benchmark containing a group and a check.

    Task

    1 From the McAfee Policy Auditor Content Creator interface, click File | New.

    2 Select the new benchmark in the left pane. In the right pane, provide information about the benchmark.

        Title: Enter a meaningful title.
        Description: Describe the design and purpose of the benchmark.
        Applicable platforms: Select one or more platforms to designate the operating systems that will run the audit containing the benchmark. McAfee Policy Auditor ignores the benchmark on platforms that are not selected.

        TIP: Generalize the applicable platforms if the benchmark will run on more than one operating system. For example, if you have different rules for Windows 7, Windows XP, and Windows 2008 server, set the benchmark's applicable platform to Microsoft Windows.

        Default OVAL namespace: Leave the default namespace, which is the name of the system where the benchmark is created, or change it to reflect a different system.

    3 Click File | Save and specify a filename for the benchmark. The software uses the .bme extension for its files.

    Create benchmark templates

    Use benchmark templates to create benchmarks based on the same design. For example, you can use a benchmark template to create a benchmark to determine the SHA1 hash for a file on Windows XP systems and another benchmark to determine the SHA1 hash for a file on AIX systems.

    Task

    1 From an open benchmark file, click File | Save. The Save As dialog box opens.

    2 Navigate to the folder where you want to save the file, enter a file name, and click Save.

    You can use this benchmark as a template for creating and saving other benchmarks.

    Create groups

    Groups are containers that help you organize checks in benchmarks. You can create groups and apply them to platforms. You can also create subgroups, which are nested groups.

    Task

    1 Create a benchmark and select it in the left pane.

    2 From the right pane, click New Group.

    3 Select the new group in the left pane. In the right pane, specify information about the group.

        Title: Provide a meaningful title.
        Description: Describe the purpose of the group.
        Applicable platforms: Select one or more platforms to designate the operating systems that will run the audit containing the benchmark group. McAfee Policy Auditor ignores the benchmark on platforms that are not selected.

    Export benchmarks

    You can export benchmarks and the checks they contain. These can be imported into McAfee Benchmark Editor for use in McAfee Policy Auditor audits.

    The software exports benchmarks as XCCDF documents embedded in a single archive (ZIP) file.

    Task

    1 From an open benchmark file, click File | Export to XCCDF. The Save As dialog box opens.

    2 Navigate to the folder where you want to save the file, enter a file name, and click Save.


    Export checks

    You can export checks in the OVAL file format. These can be imported into McAfee Benchmark Editor.

    Task

    1 From an open benchmark file, select a check.

    2 From the right pane, click Export as OVAL definition. The Save As dialog box opens.

    3 Navigate to the folder where you want to save the file, enter a file name, and click Save.

    Create a benchmark from a template

    You can create a benchmark from a benchmark template supplied by McAfee. You can also create a benchmark from your own template by opening a .bme file.

    McAfee plans to provide more templates in future releases of the software.

    Task

    1 From the McAfee Policy Auditor Content Creator interface, click File | New from template, then select the template. A benchmark based on the template appears.

    2 Make changes as needed, then export the template to an XCCDF file.


    Creating a benchmark

    This example shows how to create a benchmark containing a group and a rule, using the Windows File Permission rule as an example. The principles apply to creating any rule with McAfee Policy Auditor Content Creator.

    Contents

    Planning your benchmark

    The file permission browser and how it works

    Create a Windows File Permission check

    Planning your benchmark

    Creating a benchmark using McAfee Policy Auditor Content Creator requires planning and consideration with regard to structure and configuration.

    How you set up your benchmark structure, and how much configuration you need to perform, depends on the unique needs of the systems you audit. Considering these areas in advance can reduce the time it takes to create a benchmark.

    Platform inheritance

    Understanding platform inheritance can help you create more efficient benchmarks. Groups inherit the platform from the benchmark, and rules inherit the platform from the group. If you do not assign a platform to a group, the rule inherits the platform from the benchmark.

    When creating a benchmark with a group and a rule, start with the broadest platform and progress to the narrowest platform. For example:

    1 Create a benchmark and set the applicable platform to Windows.

    2 Create a group and set the applicable platform to Windows 7.

    3 Create two rules inside the Windows 7 group: one applies to Windows 7 x64 and the other applies to Windows 7 x86.

    If you do not go from broad to narrow or the inheritance logic is incorrect, the audit will not function correctly. If you have a group with an applicable platform of Windows 7 and a rule inside the group with an applicable platform of Windows 2000, the rule will not return results when the audit is run because Windows 2000 is not a Windows 7 platform.
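    The broad-to-narrow rule above can be checked mechanically before a benchmark is exported. The following is an added example, not McAfee code and not part of the original guide: the Node structure, the PLATFORM_PARENT hierarchy and the sample benchmark are constructed for illustration, using only the platform names from the guide's example.

```python
"""Lint a benchmark tree for platform-inheritance mistakes (added example)."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed platform hierarchy: child -> parent. The product has its own
# platform list; these names come from the guide's example only.
PLATFORM_PARENT = {
    "Windows": None,
    "Windows 2000": "Windows",
    "Windows 7": "Windows",
    "Windows 7 x64": "Windows 7",
    "Windows 7 x86": "Windows 7",
}


@dataclass
class Node:
    kind: str                        # "benchmark", "group" or "rule"
    title: str
    platform: Optional[str] = None   # None means "inherit from the parent"
    children: list = field(default_factory=list)


def is_within(platform, ancestor):
    """True when platform equals ancestor or is narrower than it."""
    while platform is not None:
        if platform == ancestor:
            return True
        platform = PLATFORM_PARENT.get(platform)
    return False


def lint(node, inherited=None, path="", dead=False):
    """Walk the tree and return (findings, resolved).

    findings lists every node whose platform is not inside the platform it
    inherits. resolved maps each rule path to its effective platform, or to
    None when the rule (or one of its ancestors) can never match.
    """
    here = f"{path}/{node.title}"
    findings, resolved = [], {}
    if node.platform and inherited and not is_within(node.platform, inherited):
        findings.append(
            f"{here}: {node.platform!r} is outside inherited {inherited!r}")
        dead = True
    effective = node.platform or inherited
    if node.kind == "rule":
        resolved[here] = None if dead else effective
    for child in node.children:
        child_findings, child_resolved = lint(child, effective, here, dead)
        findings += child_findings
        resolved.update(child_resolved)
    return findings, resolved


# Constructed sample: the guide's Windows / Windows 7 example, the Windows 2000
# mistake it warns about, and a group that leaves its platform unset.
SAMPLE = Node("benchmark", "Corp baseline", "Windows", [
    Node("group", "Win7", "Windows 7", [
        Node("rule", "x64 perms", "Windows 7 x64"),
        Node("rule", "x86 perms", "Windows 7 x86"),
        Node("rule", "legacy perms", "Windows 2000"),
    ]),
    Node("group", "Common", None, [
        Node("rule", "hosts file perms"),
    ]),
])

if __name__ == "__main__":
    problems, rules = lint(SAMPLE)
    for line in problems:
        print("FINDING", line)
    for rule, platform in rules.items():
        print(rule, "->", platform or "never returns results")
```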

    Rule parameters

    The interface shows you the parameters that you need to provide. You might need to provide information for items in the left pane that are black and you must provide information for the items that are red.

    Using the Windows File Permission check as an example, you must provide information for the red parameters:

        Folder
        File permission set
        Pass if the file or folder does not exist

    The rule can determine the permission set for a file or a folder. The File name parameter appears black in the left pane. If you want to check folder permission sets, you do not need to provide information for the parameter. If you want to check file permission sets, you must provide the name of the file.

    Populating input values from the system

    You can create a Gold Standard check by populating certain parameter values with information from the system running McAfee Policy Auditor Content Creator.

    To populate parameter values with system information, you must manually configure the check with enough information to find the values that it needs. Using the Windows File Permission check as an example, you must provide information for these parameters first:

        Folder
        File name (not necessary if you are checking folder permissions)
        Pass if the file or folder does not exist

    Once you provide this information, select the check in the left pane and click Populate input values from the system in the right pane. The software imports the permission sets from the selected file or folder.

    The file permission browser and how it works

    The file permission browser is used by the file category permission check. It allows you to add trustees and select file permissions for the trustees. The permission check determines the trustees and file permissions on an audited system and compares the values with the check.

    The permission browser shows one or more rows of trustees and their file permissions. Each row can contain one or more trustees. The permissions for each row of trustees show a series of one-letter abbreviations that correspond to file permissions. You can add multiple rows and assign permissions to the trustees in each row.

    Trustees

    Trustees are users or groups. When you select a row and click Select Trustees, the Trustee Browser dialog box appears and shows a list of common trustees. You can also add your own trustees by specifying their name or security identifier (SID).

    This is the list of trustees shown in the Trustee Browser:

        Administrators
        Authenticated Users
        Backup Operators
        BATCH
        CREATOR OWNER
        Everyone
        Guests
        INTERACTIVE
        LOCAL SERVICE
        Network Configuration Operators
        NETWORK SERVICE
        Performance Log Users
        Performance Monitor Users
        Power Users
        SERVICE
        SYSTEM
        TERMINAL SERVER USER
        Users

    Permissions

    Permissions are rules associated with a file. When you select a row and click Select Permissions, the Permissions browser appears and shows the permissions associated with the file. You can select permissions or use the checkboxes to select groups of permissions.

        Change Permissions
        Create Files / Write Data
        Create Folders / Append Data
        Delete
        Delete Subfolders and Files
        List Folder / Read Data
        Take Ownership
        Read Attributes
        Read Extended Attributes
        Read Permissions
        Synchronize
        Traverse Folder / Execute File
        Write Attributes
        Write Extended Attributes

    Abbreviations for permissions

    The permissions for each row of trustees are represented by a series of one-letter abbreviations.

        Abbreviation   Permission
        P              Change Permissions
        W              Create Files / Write Data
        A              Create Folders / Append Data
        D              Delete
        U              Delete Subfolders and Files
        R              List Folder / Read Data
        O              Take Ownership
        Q              Read Attributes
        N              Read Extended Attributes
        E              Read Permissions
        -              Synchronize
        X              Traverse Folder / Execute File
        T              Write Attributes
        B              Write Extended Attributes
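    To make the comparison performed by the permission check concrete, the sketch below decodes abbreviation strings, converts them to Windows access masks, and reports the difference between the rows in a check and the permissions observed on a system. It is an added example, not McAfee code: the letters and names come from the table above, the bit values are the standard Windows file access rights (which the guide does not list), reading "-" as the symbol for Synchronize is an assumption, and the expected rows and observed masks are constructed.

```python
"""Compare a check's trustee/permission rows with an observed ACL (added example)."""

# Abbreviation -> (permission name from the guide, Windows access-mask bit).
# Bit values are the standard winnt.h file access rights, not from the guide.
# Assumption: the "-" printed beside Synchronize is its one-character symbol.
PERMISSIONS = {
    "P": ("Change Permissions", 0x00040000),              # WRITE_DAC
    "W": ("Create Files / Write Data", 0x00000002),       # FILE_WRITE_DATA
    "A": ("Create Folders / Append Data", 0x00000004),    # FILE_APPEND_DATA
    "D": ("Delete", 0x00010000),                          # DELETE
    "U": ("Delete Subfolders and Files", 0x00000040),     # FILE_DELETE_CHILD
    "R": ("List Folder / Read Data", 0x00000001),         # FILE_READ_DATA
    "O": ("Take Ownership", 0x00080000),                  # WRITE_OWNER
    "Q": ("Read Attributes", 0x00000080),                 # FILE_READ_ATTRIBUTES
    "N": ("Read Extended Attributes", 0x00000008),        # FILE_READ_EA
    "E": ("Read Permissions", 0x00020000),                # READ_CONTROL
    "-": ("Synchronize", 0x00100000),                     # SYNCHRONIZE
    "X": ("Traverse Folder / Execute File", 0x00000020),  # FILE_EXECUTE
    "T": ("Write Attributes", 0x00000100),                # FILE_WRITE_ATTRIBUTES
    "B": ("Write Extended Attributes", 0x00000010),       # FILE_WRITE_EA
}
# Union of the fourteen bits above; anything else in a mask is ignored.
KNOWN_BITS = sum(bit for _, bit in PERMISSIONS.values())


def decode(abbrev):
    """Return (mask, names) for a string such as 'RQNE-X'."""
    mask, names = 0, []
    for symbol in abbrev:
        if symbol not in PERMISSIONS:
            raise ValueError(f"unknown permission abbreviation {symbol!r}")
        name, bit = PERMISSIONS[symbol]
        if not mask & bit:
            names.append(name)
        mask |= bit
    return mask, names


def encode(mask):
    """Render an access mask as abbreviations, in the guide's table order."""
    return "".join(s for s, (_, bit) in PERMISSIONS.items() if mask & bit)


def compare(expected_rows, observed):
    """Report deviations between a check and an observed ACL.

    expected_rows: list of (trustees, abbreviation string), one per browser row.
    observed: {trustee: access mask} as read from the audited file or folder.
    Returns {trustee: {"missing": ..., "extra": ...}} for each trustee that
    differs, including trustees found on the system but absent from the check.
    """
    expected = {}
    for trustees, abbrev in expected_rows:
        mask, _ = decode(abbrev)
        for trustee in trustees:
            expected[trustee] = expected.get(trustee, 0) | mask
    report = {}
    for trustee in sorted(set(expected) | set(observed)):
        want = expected.get(trustee, 0)
        have = observed.get(trustee, 0) & KNOWN_BITS
        if want != have:
            report[trustee] = {"missing": encode(want & ~have),
                               "extra": encode(have & ~want)}
    return report


# Constructed sample: two rows in the check, four trustees on the system.
EXPECTED_ROWS = [
    (["Administrators", "SYSTEM"], "PWADUROQNE-XTB"),  # every permission
    (["Users"], "RQNE-X"),                             # read and execute
]
OBSERVED = {
    "Administrators": 0x001F01FF,
    "SYSTEM": 0x001F01FF,
    "Users": 0x001301BF,      # can also write and delete
    "Everyone": 0x001200A9,   # trustee not present in the check
}

if __name__ == "__main__":
    for trustee, diff in compare(EXPECTED_ROWS, OBSERVED).items():
        print(trustee, diff)
```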

    Create a Windows File Permission check

    This rule contains a check that determines the trustees and permissions for a specified folder or file on a system and compares it with the values in the check.

    This rule works only on Windows operating systems.

    Task

    1 From the McAfee Policy Auditor Content Creator interface, click File | New. Provide a title, description, and optionally, one or more Windows platforms that the benchmark applies to.

    2 From the right pane, click New Group. Provide a title, description, and optionally, one or more Windows platforms that the benchmark applies to.

    3 From the left pane, select the group, then click Edit | New Rule.

    4 Select the following settings:

        List box: Setting
        Rule Family: Windows
        Category: File
        Rule: Permission check

    5 Edit the rule title and description as needed. Optionally, select the Windows operating systems that the rule will audit. You can select more than one operating system.

    6 Under the rule, select Folder.

    7 Edit the title and description as needed, and then select whether the rule uses a constant or dynamic value for the folder.

    Table 1: Constant Value for Folder

        Option: Definition
        System Value: Not applicable.
        Edit...: Opens the Browse for Folder dialog box. Select the folder containing the file to be audited.
        Edit as text...: Opens the File location dialog box. Enter the full path to the folder containing the file to be audited.

    Table 2: Dynamic Value for Folder

        Option: Definition
        ...: Opens the Dynamic Value dialog box and allows you to specify the folder. The most common ways to specify a dynamic folder are to use concatenated text or to select a registry key containing the folder path.

            1 Under Rule Family, select Windows.
            2 Under Category, select Registry.
            3 Under Datasource, select Functions.
            4 In the left pane, select Concatenated text.
            5 Under Concatenated text, enter text or an environmental variable for the left and right values of the path. For example, set the left path as %WinDir% and the right path as System32.

            1 Under Rule Family, select Windows.
            2 Under Category, select File.
            3 Under Datasource, select Registry value.
            4 In the left pane, select Registry Path, then do one of the following.
                Click Edit. The Registry Browser opens. Navigate to the registry key containing the folder path.
                Click Edit as text. The Registry path dialog box opens. Enter the full path and the registry key that contains the folder path.
            5 To create a Gold Standard rule by importing the value from the system, select Registry Value in the left pane, then click Populate input values from system.

    8 Under the rule, select File name.

    NOTE: To check folder permissions, do not set this value.

    9 Edit the title and description as needed, and then select whether the rule uses a constant or dynamic value for the file name.

    Table 3: Constant Value for File name

    Option            Definition
    System Value      Not applicable.
    Edit...           Opens the Open dialog box. Select the file you want to monitor.
    Edit as text...   Opens the File name dialog box. Enter the file name.

    Table 4: Dynamic Value for File name

    Option            Definition
    ...               Opens the Dynamic Value dialog box to select a file name contained in a registry key.

                      1 Under Rule Family, select Windows.


                      2 Under Category, select File.
                      3 Under Datasource, select Registry value.
                      4 In the left pane, select Registry Path, then do one of the following.
                        • Click Edit. The Registry Browser opens. Navigate to the registry key containing the file name.
                        • Click Edit as text. The Registry path dialog box opens. Enter the full path and the registry key that contains the file name.
                      5 To create a Gold Standard rule by importing the value from the system, select Registry Value in the left pane, then click Populate input values from system.

    10 Under the rule, select File permission set.

    11 Edit the title and description as needed, and then select whether the rule uses a constant or dynamic value for the permission set.

    Table 5: Constant Value for File permission set

    Option            Definition
    System Value      Imports the system settings into the parameter.
    Edit...           Opens the Permission Browser dialog box. Refer to The file permission browser and how it works to populate this parameter.
    Edit as text...   Opens the Registry Permission Set dialog box. The text box contains a list of each trustee, its associated SID, and the associated permissions. Refer to The file permission browser and how it works to populate this parameter.

    Table 6: Dynamic Value for File permission set

    Option            Definition
    ...               Opens the Dynamic Value dialog box. Select the Registry Value datasource, and then select a registry key that contains the file permission set.

                      1 Under Rule Family, select Windows.
                      2 Under Category, select Registry.
                      3 Under Datasource, select Registry value.
                      4 In the left pane, select Registry path.
                      5 Specify a registry key containing the desired value.
                        • Click Edit... to open the Registry Browser dialog box and browse to the registry key.


                        • Click Edit as Text... to open the Registry Path dialog box and enter the full path to the registry key.
                      6 To create a Gold Standard rule by importing the value from the system, select Registry Value in the left pane, then click Populate input values from system.

    12 Under the rule, select Pass if the file does not exist. If you set the parameter to True, the rule passes even if the file does not exist on the audited system.

    13 Edit the title and description as needed, and then select whether the rule uses a constant or dynamic value for whether the key exists.

    Table 7: Constant Value for Pass if the file does not exist

    Option            Definition
    System Value      Imports the system settings into the parameter.
    Edit...           Opens the Boolean Browser dialog box. Select True or False.
    Edit as text...   Opens the Pass if file does not exist dialog box. Enter True or False. You can also enter 1 for true and 0 for false.

    Table 8: Dynamic Value for Pass if the file does not exist

    Option            Definition
    ...               Opens the Dynamic Value dialog box. Select the Registry Value datasource, and then select a registry key that contains the value for whether the file exists.

                      1 Under Rule Family, select Windows.
                      2 Under Category, select Registry.
                      3 Under Datasource, select Registry value.
                      4 In the left pane, select Registry path.
                      5 Specify a registry key containing the desired value.
                        • Click Edit... to open the Registry Browser dialog box and browse to the registry key.
                        • Click Edit as Text... to open the Registry Path dialog box and enter the full path to the registry key and the key.
                      6 To create a Gold Standard rule by importing the value from the system, select Registry Value in the left pane, then click Populate input values from system.
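    When validating a benchmark, the four parameters of this check (folder, file name, file permission set, pass if the file does not exist) can be reproduced by hand in PowerShell. This is an added example, not code from the product or this guide; the file name, the expected entries, the registry value used for the folder and the exact-match comparison are assumptions.

```powershell
# Added example: manual equivalent of a Windows File Permission check.
# The file name, expected entries and exact-match comparison are assumptions.
function Test-FilePermissionSet {
    param(
        [string]$Folder,               # "Folder" parameter
        [string]$FileName,             # "File name"; leave empty to audit the folder itself
        [string[]]$Expected,           # "File permission set" as 'SID|Type|Rights' strings
        [bool]$PassIfMissing = $false  # "Pass if the file does not exist"
    )
    $path = if ($FileName) { Join-Path $Folder $FileName } else { $Folder }
    if (-not (Test-Path -LiteralPath $path)) { return $PassIfMissing }

    # Ask for the rules with trustees already expressed as SIDs, so the
    # comparison does not depend on localized or renamed account names.
    # Inheritance flags are not compared in this sketch.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
    $actual = @(foreach ($r in $rules) {
        '{0}|{1}|{2}' -f $r.IdentityReference.Value, $r.AccessControlType, $r.FileSystemRights
    })

    $missing    = @($Expected | Where-Object { $_ -notin $actual })
    $unexpected = @($actual | Where-Object { $_ -notin $Expected })
    $missing    | ForEach-Object { Write-Warning "missing entry:    $_" }
    $unexpected | ForEach-Object { Write-Warning "unexpected entry: $_" }
    return ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
}

# Constructed expected set: SYSTEM and BUILTIN\Administrators with full control.
$expected = 'S-1-5-18|Allow|FullControl', 'S-1-5-32-544|Allow|FullControl'

# Dynamic folder as concatenated text: %WinDir% on the left, System32 on the right.
$folder = Join-Path $env:WinDir 'System32'
# 'example.dll' is a hypothetical file name; a missing file passes here.
Test-FilePermissionSet -Folder $folder -FileName 'example.dll' -Expected $expected -PassIfMissing $true

# Dynamic folder from a registry value, with no file name so the folder's own
# permissions are checked (see the NOTE under step 8).
$root = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').SystemRoot
Test-FilePermissionSet -Folder (Join-Path $root 'System32') -Expected $expected
```

    The warnings list each trustee entry that differs from the expected set, which is the information needed to decide whether the Gold Standard or the audited system should change.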


    Index

    A
    audience for this guide 4

    B
    benchmarks
      create 10
      create from a template 12
      create template 11
      export 11
      plan 13

    C
    checks, export 12
    conventions used in this guide 4
    create benchmark from a template 12
    create benchmark templates 11
    create benchmarks 10, 13
    create checks 11

    D
    documentation
      product-specific, finding 5
      typographical conventions 4

    E
    export benchmarks 11
    export checks 12

    F
    file check category
      file permission rule 16
      permission browser 14
    file permission browser 14
    file permission rule 16

    G
    groups, create 11

    I
    installation
      install as a deployable package 8
      install as standalone software 8
      software and hardware requirements 6
      standalone installation options 7
      things to know before installation 6

    M
    McAfee ServicePortal, accessing 5

    P
    permission browser, file 14
    permission check, file 16
    Policy Auditor Content Creator, installation
      install as a deployable package 8
      install as standalone software 8
      software and hardware requirements 6
      standalone installation options 7
      things to know before installation 6

    S
    ServicePortal, finding product documentation 5