Upload
yusuf-usmani
View
218
Download
0
Embed Size (px)
Citation preview
8/12/2019 Mcafee Pacc 600 Product Guide en-us
1/20
McAfee Policy Auditor Content Creator 6.0.0Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
2/20
COPYRIGHT
Copyright 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any formor by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE
SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTALPROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or othercountries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarksherein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOUPURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOUDO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSEGRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVEDSEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITEFROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THEAGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide2
8/12/2019 Mcafee Pacc 600 Product Guide en-us
3/20
ContentsIntroducing McAfee Policy Auditor Content Creator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Finding product documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Installing McAfee Policy Auditor Content Creator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Things to know before installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Software and hardware requirements and recommendations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Standalone installation options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Install McAfee Policy Auditor Content Creator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Install standalone version of software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Install as a deployable package in the Master Repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Managing templates, benchmarks, groups, and checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Create benchmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Create benchmark templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Create groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Export benchmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Export checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Create a benchmark from a template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Creating a benchmark. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Planning your benchmark. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
The file permission browser and how it works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Create a Windows File Permission check. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
4/20
Introducing McAfee Policy Auditor ContentCreator
McAfee
Policy Auditor Content Creator is designed to supplement the McAfee-supplied
benchmarks and checks with auditing rules that are specific to your organization. With its
simplified user interface, this tool can be used to create supplemental benchmarks and checks
without any knowledge of XCCDF or OVAL.You can export the benchmark or checks in XCCDF
or OVAL format and then import them into the McAfee
Benchmark Editor or check editor for
use in audits.
Contents
Audience
Conventions
Finding product documentation
AudienceMcAfee Policy Auditor Content Creator documentation is carefully researched and written for
the target audience.
The information in this guide is intended primarily for:
AdministratorsPeople who implement and enforce the company's security program.
UsersPeople who are responsible for configuring the product options on their system,
or for updating the product on their systems.
ConventionsThis guide uses the following typographical conventions.
Title of a book, chapter, or topic; introduction of a new term; emphasis.Book titleor Emphasis
Text that is strongly emphasized.BoldCommands and other text that the user types; the path of a folder or
program.User inputor Path
A code sample.Code
Words in the user interface including options, menus, buttons, and dialog
boxes.
User interface
A live link to a topic or to a website.Hypertext blue
Additional information, like an alternate method of accessing an option.Note
Suggestions and recommendations.Tip
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide4
8/12/2019 Mcafee Pacc 600 Product Guide en-us
5/20
Valuable advice to protect your computer system, software installation,
network, business, or data.
Important/Caution
Critical advice to prevent bodily harm when using a hardware product.Warning
Finding product documentationMcAfee provides the information you need during each phase of product implementation, from
installing to using and troubleshooting. After a product is released, information about the product
is entered into the McAfee online KnowledgeBase.
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
Do this...To access...
User Documentation 1 Click Product Documentation.
2 Select a Product, then select a Version.
3 Select a product document.
KnowledgeBase Click Search the KnowledgeBasefor answers to your product questions.
Click Browse the KnowledgeBasefor articles listed by product and
version.
Introducing McAfee Policy Auditor Content CreatorFinding product documentation
5McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
http://mysupport.mcafee.com/http://mysupport.mcafee.com/8/12/2019 Mcafee Pacc 600 Product Guide en-us
6/20
Installing McAfee Policy Auditor Content Creator
You can install McAfee Policy Auditor Content Creator as standalone software on supported
Windows systems or as a deployable package in the Master Repository of ePolicy Orchestrator
software version 4.5 or 4.6.
Contents
Things to know before installation
Software and hardware requirements and recommendations
Standalone installation options
Install McAfee Policy Auditor Content Creator
Things to know before installationBe sure that you have read, understood, and complied with the requirements detailed in Software
and hardware requirementsbefore you begin the installation.
You should have the following information available during the installation:
Windows authentication credentials You must provide credentials for a domain
administrator user account.
A destination folder for the software installation (required for Custom installations).
Software and hardware requirements andrecommendations
McAfee Policy Auditor Content Creator runs on supported Windows operating systems that
meet the software and hardware requirements.
Supported Windows operating systems
The standalone installation of McAfee Policy Auditor Content Creator supports the followingoperating systems:
X64 supportX86 supportOperating system
XWindows 2000
XXWindows 7
XXWindows Server 2003 Enterprise Edition
XXWindows Server 2003 R2 Enterprise Edition
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide6
8/12/2019 Mcafee Pacc 600 Product Guide en-us
7/20
X64 supportX86 supportOperating system
XXWindows Server 2003 R2 Standard Edition
XXWindows Server 2003 Standard Edition
XXWindows Server 2003 Web Edition
XXWindows Server 2008
XXWindows Vista
XXWindows XP Home
XXWindows XP Professional
Hardware and network requirements for Windows systems
These are the minimum requirements for McAfee Policy Auditor Content Creator support on
Windows systems:
RequirementsComponent
Intel Pentium-class, Celeron, or compatible processor; 166MHz processor or higher.
Processor
300 MB.Free disk space for agent plug-in (optional)
Sufficient disk space on client computers for each McAfee
product that have been installed. For more information,
see the corresponding product documentation.
Free disk space for other McAfee components
20 MB RAM.Free Memory
Microsoft or Novell NetWare networks. NetWare networks
require TCP\IP.
Network environment
10 Mbps or higher.Network interface card (NIC)
Software requirements and recommendations
Make sure you have the required and recommended software installed on your server system
before installing McAfee Policy Auditor Content Creator.
Requirements and recommendationsSoftware
Recommended Make sure your Microsoft software is running the
latest updates.
Microsoft updates
Standalone installation optionsThere are two options for the standalone installation of McAfee Policy Auditor Content Creator
on supported Windows systems. Each option walks you through the installation process using
the InstallShield Wizard.
Use the following table to determine which option is right for your environment.
DetailsInstallation option
The most direct installation path. Use this option if you want to accept McAfee's defaultinstallation settings.
Express
Installing McAfee Policy Auditor Content CreatorStandalone installation options
7McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
8/20
DetailsInstallation option
Customize your installation. Use this option when you want to specify the destination
folder where the software is installed (C:\Program Files\McAfee\Policy Auditor
Content Creatorby default).
Custom
Install McAfee Policy Auditor Content CreatorInstall McAfee Policy Auditor Content Creator as standalone software on supported Windows
systems or as a deployable package in the Master Repository.
Tasks
Install standalone version of software
Install as a deployable package in the Master Repository
Install standalone version of softwareYou can install a standalone version of McAfee Policy Auditor Content Creator by downloading
the software and running the InstallShield Wizard.
Before you begin
You must have local administrator account permissions to install the software.
Task
For option definitions, click ?in the interface.
1 Log on to the desired system using an account with local administrator permissions.
2 Download the product zip file from the McAfee download site and unzip the file to a
convenient location.
3 Double-click PACCSetup.exe. The InstallShield Wizard opens.
4 In the Welcome window of the installation wizard, click Next.
5 Accept the License Agreement, then click Next.
6 Choose whether you want an Express or a Custom installation, then click Next.
Express Accept the default installation folder.
Custom Specify a custom destination location for the software. When the Change
Current Destination Folder window opens, browse to your desired destination and create
any new folders if needed. When finished, click OK.
7 In the Ready to Install the Programdialog box, click Installto begin the installation.8 In the InstallShield Wizard Completeddialog box, click Finishto complete the installation.
Install as a deployable package in the Master Repository
You can install the software as a deployable package in the Master Repository on
ePolicy Orchestrator software version 4.5 or 4.6 systems.
After you have checked in the package, you can deploy it to a managed endpoint system. The
endpoint system does not have to have the McAfee Policy Auditor agent plug-in installed on it.
Installing McAfee Policy Auditor Content CreatorInstall McAfee Policy Auditor Content Creator
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide8
8/12/2019 Mcafee Pacc 600 Product Guide en-us
9/20
See the ePolicy Orchestrator software documentation for information on deploying the software
package to a managed system using the Product Deployment Task.
Task
For option definitions, click ?in the interface.
1 Download the product zip file from the McAfee download site.2 Click Menu | Software | Master Repository, then click Actions | Check in Package.The
Check in Package wizard opens.
3 Select the Product or Update (.ZIP)package type, then browse to and select the desired
package file.
Package infoConfirm this is the correct package.
BranchSelect the desired branch. If there are requirements in your environment to
test new packages before deploying them throughout the production environment,
McAfee recommends using the Evaluation branch whenever checking in packages.
Once you finish testing the packages, you can move them to the Current branch by
clicking Menu | Software | Master Repository.
OptionsSelect whether to:
Move the existing package to the Previous branchWhen selected, moves
packages in the master repository from the Current branch to the Previous branch
when a newer package of the same type is checked in. Available only when you
select Current in Branch.
Package signingSpecifies if the package is signed by McAfee or is third-party
package.
4 Click Saveto begin checking in the package, then wait while the package is checked in.
The McAfee Policy Auditor Content Creator software appears in the Packages in Master
Repository list on the Master Repository tab.
Installing McAfee Policy Auditor Content CreatorInstall McAfee Policy Auditor Content Creator
9McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
10/20
Managing templates, benchmarks, groups, andchecks
You can quickly create benchmarks that contain groups, subgroups, and rules.You can use
the software without having to learn the Extensible Configuration Checklist Description Format
(XCCDF) or Open Vulnerability and Assessment Language (OVAL) languages.
Contents
Create benchmarks
Create benchmark templates
Create groups
Export benchmarks
Export checks
Create a benchmark from a template
Create benchmarksYou can create benchmarks in McAfee Policy Auditor Content Creator for use in audits.
Benchmarks are documents containing an organized set of rules describing the desired stateof a system. A benchmark is the core component of an audit and can be used by McAfee Policy
Auditor as well as other McAfee and third-party products.
This task describes how to create an empty benchmark. See Creating a benchmarkto learn
the principles of creating a benchmark containing a group and a check.
Task
1 From the McAfee Policy Auditor Content Creator interface, click File | New.
2 Select the new benchmark in the left pane. In the right pane, provide information about the
benchmark.
TitleEnter a meaningful title.
DescriptionDescribe the design and purpose of the benchmark.
Applicable platformsSelect one or more platforms to designate the operating
systems that will run the audit containing the benchmark. McAfee Policy Auditor ignores
the benchmark on platforms that are not selected.
TIP: Generalize the applicable platforms if the benchmark will run on more than one
operating system. For example, if you have different rules for Windows 7, Windows XP,
and Windows 2008 server, set the benchmark's applicable platform to Microsoft Windows.
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide10
8/12/2019 Mcafee Pacc 600 Product Guide en-us
11/20
Default OVAL namespaceLeave the default namespace, which is the name of the
system where the benchmark is created, or change it to reflect a different system.
3 Click File | Saveand specify a filename for the benchmark. The software uses the .bme
extension for its files.
Create benchmark templatesUse benchmark templates to create benchmarks based on the same design. For example, you
can use a benchmark template to create a benchmark to determine the SHA1 hash for a file
on Windows XP systems and another benchmark to determine the SHA1 hash for a file on AIX
systems.
Task
1 From an open benchmark file, click File | Save. The Save Asdialog box opens.
2 Navigate to the folder where you want to save the file, enter a file name, and click Save.
You can use this benchmark as a template for creating and saving other benchmarks.
Create groupsGroups are containers that help you organize checks in benchmarks.You can create groups
and apply them to platforms. You can also create subgroups, which are nested groups.
Task
1 Create a benchmark and select it in the left pane.
2 From the right pane, click New Group.
3 Select the new group in the left pane. In the right pane, specify information about the group.
TitleProvide a meaningful title.
DescriptionDescribe the purpose of the group.
Applicable platformsSelect one or more platforms to designate the operating
systems that will run the audit containing the benchmark group. McAfee Policy Auditor
ignores the benchmark on platforms that are not selected.
Export benchmarksYou can export benchmarks and the checks they contain.These can be imported intoMcAfee Benchmark Editor for use in McAfee Policy Auditor audits.
The software exports benchmarks as XCCDF documents embedded in a single archive (ZIP)
file.
Task
1 From an open benchmark file, click File | Export to XCCDF. The Save Asdialog box
opens.
2 Navigate to the folder where you want to save the file, enter a file name, and click Save.
Managing templates, benchmarks, groups, and checksCreate benchmark templates
11McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
12/20
Export checksYou can export checks in the OVAL file format. These can be imported into McAfee Benchmark
Editor.
Task
1 From an open benchmark file, select a check.
2 From the right pane, click Export as OVAL definition.The Save Asdialog box opens.
3 Navigate to the folder where you want to save the file, enter a file name, and click Save.
Create a benchmark from a templateYou can create a benchmark from a benchmark template supplied by McAfee.You can also
create a benchmark from your own template by opening a .bmefile.
McAfee plans to provide more templates in future releases of the software.
Task
1 From the McAfee Policy Auditor Content Creator interface, click File | New from template,
then select the template. A benchmark based on the template appears.
2 Make changes as needed, then export the template to an XCCDF file.
Managing templates, benchmarks, groups, and checksExport checks
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide12
8/12/2019 Mcafee Pacc 600 Product Guide en-us
13/20
Creating a benchmark
This example shows how to create a benchmark containing a group and a rule, using the
Windows File Permission rule as an example.The principles apply to creating any rule with
McAfee Policy Auditor Content Creator.
Contents
Planning your benchmark
The file permission browser and how it works
Create a Windows File Permission check
Planning your benchmarkCreating a benchmark using McAfee Policy Auditor Content Creator requires planning and
consideration with regard to structure and configuration.
How you set up your benchmark structure, and how you much configuration you need to perform
depends on the unique needs of the sytems you audit. Considering these areas in advance can
reduce the time it takes to create a benchmark.
Platform inheritance
Understanding platform inheritance can help you create more efficient benchmarks. Groups
inherit the platform from the benchmark, and rules inherit the platform from the group. If you do
not assign a platform to a group, the rule inherits the platform from the benchmark.
When creating a benchmark with a group and a rule, start with the broadest platform and
progress to the narrowest platform. For example:
1 Create a benchmark and set the applicable platform to Windows.
2 Create a group and set the applicable platform to Windows 7.
3 Create two rules inside the Windows 7 group: one applies to Windows 7 x64 and the other
applies to Windows 7 x86.
If you do not go from broad to narrow or the inheritance logic is incorrect, the audit will not
function correctly. If you have a group with an applicable platform of Windows 7 and a rule insidethe group with an applicable platform of Windows 2000, the rule will not return results when the
audit is run because Windows 2000 is not a Windows 7 platform.
Rule parameters
The interface shows you the parameters that you need to provide.You might need to provide
information for items in the left pane that are black and you must provide information for the
items that are red.
13McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
14/20
Using the Windows File Permission check as an example, you must provide information for the
red parameters:
Folder
File permission set
Pass if the file or folder does not exist
The rule can determine permission set for a file or a folder.The File name parameter appearsblack in the left pane. If you want to check folder permission sets, you do not need to provide
information for the parameter. If you want to check file permission sets, you must provide the
name of the file.
Populating input values from the system
You can create a Gold Standard check by populating certain parameter values with information
from the system running McAfee Policy Auditor Content Creator.
To populate parameter values with system inform, you must manually configure the check with
enough information to find the values that it needs. Using the Windows File Permission check
as an example, you must provide information for these parameters first:
Folder
File name (not necessary if you are checking folder permissions)
Pass if the file or folder does not exist
Once you provide this information, select the check in the left pane and click Populate input
values from the systemin the right pane. The software imports the permission sets from
the selected file or folder.
The file permission browser and how it worksThe file permission browser is used by the file category permission check. It allows you to add
trustees and select file permissions for the trustees.The permission check determines the
trustees and file permissions on an audited system and compares the values with the check.
The permission browser shows one or more rows of trustees and their file permissions. Each
row can contain one or more trustee. The permissions for each row of trustees show a series
of one-letter abbreviations that correspond to file permissions. You can add multiple rows and
assign permissions to the trustees in each row.
Trustees
Trustees are users or groups. When you select a row and click Select Trustees, the Trustee
Browser dialog box appears and shows a list of common trustees.You can also add your own
trustees by specifying their name or security identifier (SID).
This is the list of trustees shown in the Trustee Browser:
Administrators
Authenticated Users
Backup Operators
BATCH
CREATOR OWNER
Everyone
Guests
Creating a benchmarkThe file permission browser and how it works
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide14
8/12/2019 Mcafee Pacc 600 Product Guide en-us
15/20
INTERACTIVE
LOCAL SERVICE
Network Configuration Operators
NETWORK SERVICE
Performance Log Users
Performance Monitor Users
Power Users
SERVICE
SYSTEM
TERMINAL SERVER USER
Users
Permissions
Permissions are rules associated with a file. When you select a row and click Select
Permissions, the Permissions browser appears and shows the permissions associated with
the file.You can select permissions or use the checkboxes to select groups of permissions.
Change Permissions
Create Files / Write Data
Create Folders / Append Data
Delete
Delete Subfolders and Files
List Folder / Read Data
Take Ownership
Read Attributes
Read Extended Attributes
Read Permissions
Synchronize
Traverse Folder / Execute File
Write Attributes
Write Extended Attributes
Abbreviations for permissions
The permissions for each row of trustees are represented by a series of one-letter abbreviations.
PChange Permissions
WCreate Files / Write Data
ACreate Folders / Append Data
DDelete
UDelete Subfolders and Files
RList Folder / Read Data
OTake Ownership
QRead Attributes
Creating a benchmarkThe file permission browser and how it works
15McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
16/20
NRead Extended Attributes
ERead Permissions
-Synchronize
XTraverse Folder / Execute File
TWrite Attributes
BWrite Extended Attributes
Create a Windows File Permission checkThis rule contains a check that determines the trustees and permissions for a specified folder
or file on a system and compares it with the values in the check.
This rule works only on Windows operating systems.
Task
1 From the McAfee Policy Auditor Content Creator interface, click File | New. Provide a title,description, and optionally, one or more Windows platforms that the benchmark applies to.
2 From the right pane, click New Group. Provide a title, description, and optionally, one or
more Windows platforms that the benchmark applies to.
3 From the left pane, select the group, then click Edit | New Rule.
4 Select the following settings:
SettingList box
WindowsRule Family
FileCategory
Permission checkRule
5 Edit the rule title and description as needed. Optionally, select the Windows operating
systems that the rule will audit.You can select more than one operating system.
6 Under the rule, select Folder.
7 Edit the title and description as needed, and then select whether the rule uses a constant
or dynamic value for the folder.
Table 1: Constant Value for Folder
DefinitionOption
Not applicable.System Value
Opens the Browse for Folder dialog box. Select thefolder containing the file to be audited.Edit...
Opens the File location dialog box. Enter the full path
to the folder containing the file to be audited.
Edit as text...
Table 2: Dynamic Value for Folder
DefinitionOption
Opens the Dynamic Value dialog box and allows you
to specify the folder.The most common ways to specify
...
a dynamic folder are to use concatenated text or to
select a registry key containing the folder path.
Creating a benchmarkCreate a Windows File Permission check
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide16
8/12/2019 Mcafee Pacc 600 Product Guide en-us
17/20
DefinitionOption
1 Under Rule Family, select Windows.
2 Under Category, select Registry.
3 Under Datasource, select Functions.
4 In the left pane, select Concatenated
text.
5 Under Concatenated text, enter text or
an environmental variable for the left
and right values of the path. For
example, set the left path as %WinDir%
and the right path as System32.
1 Under Rule Family, select Windows.
2 Under Category, select File.
3 Under Datasource, select Registry
value.4 In the left pane, select Registry Path,
then do one of the following.
Click Edit. The Registry Browser opens.
Navigate to the registry key containing the
folder path.
Click Edit as text.The Registry path dialog
box opens. Enter the full path and the registry
key that contains the folder path.
5 To create a Gold Standard rule by
importing the value from the system,
select Registry Value in the left pane,
then click Populate input values fromsystem.
8 Under the rule, select File name.
NOTE: To check folder permissions, do not set this value.
9 Edit the title and description as needed, and then select whether the rule uses a constant
or dynamic value for the file name.
Table 3: Constant Value for File name
DefinitionOption
Not applicable.System Value
Opens the Open dialog box. Select the file you want to
monitor.
Edit...
Opens the File name dialog box. Enter the file name.Edit as text...
Table 4: Dynamic Value for File name
DefinitionOption
Opens the Dynamic Value dialog box to select a file
name contained in a registry key.
...
1 Under Rule Family, select Windows.
Creating a benchmarkCreate a Windows File Permission check
17McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
18/20
DefinitionOption
2 Under Category, select File.
3 Under Datasource, select Registry
value.
4 In the left pane, select Registry Path,
then do one of the following.
Click Edit. The Registry Browser opens.
Navigate to the registry key containing the file
name.
Click Edit as text.The Registry path dialog
box opens. Enter the full path and the registry
key that contains the file name.
5 To create a Gold Standard rule by
importing the value from the system,
select Registry Value in the left pane,
then click Populate input values from
system.
10 Under the rule, select File permission set.
11 Edit the title and description as needed, and then select whether the rule uses a constant
or dynamic value for the permission set.
Table 5: Constant Value for File permission set
DefinitionOption
Imports the system settings into the parameter.System Value
Opens the Permission Browser dialog box. Refer to The
file permission browser and how it worksto populate
this parameter.
Edit...
Opens the Registry Permission Set dialog box.The textbox contains a list of each trustee, its associated SID,
Edit as text...
and the associated permissions. Refer to The file
permission browser and how it worksto populate this
parameter.
Table 6: Dynamic Value for File permission set
DefinitionOption
Opens the Dynamic Value dialog box. Select the
Registry Value datasource, and then select a registry
key that contains the file permission set.
...
1 Under Rule Family, select Windows.
2 Under Category, select Registry.
3 Under Datasource, select Registry
value.
4 In the left pane, select Registry path.
5 Specify a registry key containing the
desired value.
Click Edit...to open the Registry Browser
dialog box and browse to the registry key.
Creating a benchmarkCreate a Windows File Permission check
McAfee Policy Auditor Content Creator 6.0.0 software Product Guide18
8/12/2019 Mcafee Pacc 600 Product Guide en-us
19/20
DefinitionOption
Click Edit as Text...to open the Registry Path
dialog box and enter the full path to the
registry key.
6 To create a Gold Standard rule by
importing the value from the system,
select Registry Value in the left pane,
then click Populate input values from
system.
12 Under the rule, select Pass if the file does not exist. If you set the parameter to True, the
rule passes even if the file does not exist on the audited system.
13 Edit the title and description as needed, and then select whether the rule uses a constant
or dynamic value for whether the key exists.
Table 7: Constant Value for Pass if the file does not exist
DefinitionOption
Imports the system settings into the parameter.System Value
Opens the Boolean Browser dialog box. Select True or
False.
Edit...
Opens the Pass if file does not exist dialog box. Enter
True or False.You can also enter 1 for true and 0 for
false.
Edit as text...
Table 8: Dynamic Value for Pass if the file does not exist
DefinitionOption
Opens the Dynamic Value dialog box. Select the
Registry Value datasource, and then select a registry
key that contains the value for whether the file exists.
...
1 Under Rule Family, select Windows.
2 Under Category, select Registry.
3 Under Datasource, select Registry
value.
4 In the left pane, select Registry path.
5 Specify a registry key containing the
desired value.
Click Edit...to open the Registry Browser
dialog box and browse to the registry key.
Click Edit as Text...to open the Registry Path
dialog box and enter the full path to the
registry key and the key.
6 To create a Gold Standard rule by
importing the value from the system,
select Registry Value in the left pane,
then click Populate input values from
system.
Creating a benchmarkCreate a Windows File Permission check
19McAfee Policy Auditor Content Creator 6.0.0 software Product Guide
8/12/2019 Mcafee Pacc 600 Product Guide en-us
20/20
Index
Aaudience for this guide 4
Bbenchmarks
create 10
create from a template 12
create template 11
export 11
plan 13
Cchecks, export 12
conventions used in this guide 4
create benchmark from a template 12
create benchmark templates 11
create benchmarks 10, 13
create checks 11
Ddocumentation
product-specific, finding 5
typographical conventions 4
Eexport benchmarks 11
export checks 12
Ffile check category
file permission rule 16
file check category(continued)
permission browser 14
file permission browser 14
file permission rule 16
Ggroups, create 11
Iinstallation
install as a deployable package 8
install as standalone software 8
software and hardware requirements 6
standalone installation options 7
things to know before installation 6
MMcAfee ServicePortal, accessing 5
Ppermission browser, file 14
permission check, file 16
Policy Auditor Content Creator, installation
install as a deployable package 8
install as standalone software 8
software and hardware requirements 6
standalone installation options 7
things to know before installation 6
SServicePortal, finding product documentation 5