

Enhancing ePO analysis
strawgate committed Sep 22, 2016
1 parent 13bbf21 commit 771ac40
Showing 2 changed files with 22 additions and 21 deletions.
@@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>

<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<Analysis>
<Title>Applications - McAfee ePolicy Orchestrator - Configuration - Win\Mac</Title>
<Description><![CDATA[<P>This analysis provides information on the currently installed ePO agent.</P>
<P>For general information or to report issues with C3 Protect content please visit GitHub here: <A href="https://github.com/strawgate/C3-Protect">https://github.com/strawgate/C3-Protect</A></P>]]></Description>
<Relevance>windows of operating system or mac of operating system</Relevance>
<Relevance>if (windows of operating system) then (exists keys whose (value "DisplayName" of it as string is "McAfee Agent") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" of ( x32 registry; (if exists x64 registry then x64 registry else nothing) )) else (exists file "config.xml" of folder whose (name of it starts with "EPOAGENT") of folders "/private/etc/cma.d")</Relevance>
<Source>Internal</Source>
<SourceReleaseDate>2016-05-13</SourceReleaseDate>
<Domain>BESC</Domain>
<Property Name="McAfee ePO - Version - Win\Mac" ID="1" EvaluationPeriod="PT1H"><![CDATA[if (windows of operating system) then (value "DisplayVersion" of keys whose (value "DisplayName" of it as string is "McAfee Agent") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" of ( x32 registry; (if exists x64 registry then x64 registry else nothing) )) else (substring after "<Version>"of substring before "</Version>" of lines containing "<Version>" of file "config.xml" of folder whose (name of it starts with "EPOAGENT") of folders "/private/etc/cma.d")]]></Property>
<Property Name="McAfee ePO - Management Server - Win\Mac" ID="2" EvaluationPeriod="P1D"><![CDATA[if (windows of operating system) then (selects "/Manifest/AgentMeta/ServerName" of xml document of file "manifest.xml" of folder (value "DataPath" of keys "HKEY_LOCAL_MACHINE\Software\McAfee\Agent" of native registry as string) as text) else (preceding text of first ":" of following text of first ("Server=" & character(34)) of following text of first "SpipeSite" of lines containing "Server" of file "/var/McAfee/agent/data/ServerSiteList.xml")]]></Property>
<Property Name="McAfee ePO - Agent Ping Port - Win\Mac" ID="3" EvaluationPeriod="P1D">if (windows of operating system) then (selects "/Manifest/AgentMeta/AgentPingPort" of xml document of file "manifest.xml" of folder (value "DataPath" of keys "HKEY_LOCAL_MACHINE\Software\McAfee\Agent" of native registry as string) as text) else (key "AgentPingPort" of section "AgentListenServer" of file "/var/McAfee/agent/data/agent.ini")</Property>
<Property Name="McAfee ePO - Configured Tasks - Windows" ID="4" EvaluationPeriod="P1D">(node values of attributes "name" of it) of (/* Filter out only the assigned tasks */ items 0 of (it whose (item 1 of it contains node value of attribute "id" of item 0 of it)) of (selects "/Manifest/TaskRoot/Tasks/Task" of it, set of node values of attributes "id" of (selects "/Manifest/TaskRoot/Assignments/Assignment" of it)) of (xml document of file "manifest.xml" of folder (value "DataPath" of keys "HKEY_LOCAL_MACHINE\Software\McAfee\Agent" of native registry as string)))</Property>
<Property Name="McAfee ePO - Configured Policies - Windows" ID="5" EvaluationPeriod="P1D">(node values of attributes "feature" of it, node values of attributes "type" of it, node values of attributes "name" of it) of (/* Filter out only the assigned policies */ items 0 of (it whose (item 1 of it contains node value of attribute "id" of item 0 of it)) of (selects "/Manifest/PolicyRoot/Policies/Policy" of it, set of node values of attributes "id" of (selects "/Manifest/PolicyRoot/Assignments/Assignment" of it)) of (xml document of file "manifest.xml" of folder (value "DataPath" of keys "HKEY_LOCAL_MACHINE\Software\McAfee\Agent" of native registry as string)))</Property>
<Property Name="McAfee ePO - Enforcement State - Windows" ID="6" EvaluationPeriod="PT1H">if ((select "/Manifest/AgentMeta/EnforcePolicy" of xml document of file "manifest.xml" of folder (value "DataPath" of keys "HKEY_LOCAL_MACHINE\Software\McAfee\Agent" of native registry as string) as text) = "1") then "Enforced" else "Not Enforced"</Property>
<Property Name="McAfee ePO - Architecture - Windows" ID="7" EvaluationPeriod="P1D">if (exists keys whose (value "DisplayName" of it as string is "McAfee Agent") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" of ( x32 registry)) then "x86" else (if (exists keys whose (value "DisplayName" of it as string is "McAfee Agent") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" of ( x64 registry)) then ("x64") else (error "none"))</Property>
<Property Name="McAfee ePO - Agent GUID - Win\Mac" ID="8" EvaluationPeriod="P1D">if (windows of operating system) then (value "AgentGUID" of key "HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator\Agent" of x32 registry) else (key "AgPlcyEventAgentGUID" of section "AgentEvents" of file "/var/McAfee/agent/data/eventpolicies.ini")</Property>
</Analysis>
</BES>
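Review bot: Properties 4–7 (Configured Tasks, Configured Policies, Enforcement State, Architecture) query the Windows registry without a `windows of operating system` guard, although the first `<Relevance>` line also admits Macs, so Mac endpoints will presumably return an evaluation error for each of them. For a security-status column such as Enforcement State, that makes a platform mismatch indistinguishable from a Windows host whose `manifest.xml` could not be read; guard them the way Properties 1–3 are guarded, e.g. for ID 6 `if (windows of operating system) then (...) else "Not Applicable"`. Separately, the applicability check looks for the Uninstall key in both `x32 registry` and `x64 registry`, but the `DataPath` lookups use `native registry` and the Agent GUID lookup uses `x32 registry` only; if the agent's keys can sit in either view, some applicable Windows hosts would error on those properties, which is worth confirming against both agent bitnesses. Property 6 also uses `select` where the other properties use `selects`, and it reports "Not Enforced" for every value other than "1", so a short comment stating which values the agent actually writes would help whoever triages that column.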

This file was deleted.

0 comments on commit 771ac40
