Tripwire Report


Table of Contents

  1. Report Summary
  2. Rule Summary
  3. Object Summary
  4. Object Details
  5. Error Report

Report Summary

Generated By admin
Created On Sun, 30 Apr 2006 23:27:35 -0400
DB Updated Sun, 30 Apr 2006 22:37:52 -0400
Host Name ITL-00
IP Address 128.153.144.112
Host ID S-1-5-21-1935655697-1336601894-725345543
Policy File C:\Program Files\Tripwire\TFS\policy\tw.pol
Config File C:\PROGRA~1\Tripwire\TFS\bin\tw.cfg
DB File C:\Program Files\Tripwire\TFS\db\database.twd
Report File C:\Program Files\Tripwire\TFS\Report\installing-alexa.twr
Command Line tripwire --check --report-file C:\Program Files\Tripwire\TFS\Report\installing-alexa.twr
Print Command twprint --print-report --report-file C:\Program Files\Tripwire\TFS\Report\installing-alexa.twr -F html -o C:\Program Files\Tripwire\TFS\Report\installing-alexa.html

Max Severity 1,000
Total Added 197
Total Removed 0
Total Modified 13
High Severity 15
Medium Severity 195
Low Severity 0


Rule Summary

Section: Windows File System

Rule NameSeverityAddedRemovedModifiedErrors
Critical System Startup files [C:\] 1,000 0 0 0 0
OS Support Files [C:\WINDOWS] 35 0 0 0 0
(*) System32 Folder [C:\WINDOWS\System32] 100 2 0 0 0
Network Configuration Files [C:\WINDOWS\System32\config\systemprofile] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\dhcp] 100 0 0 0 0
Critical Drivers [C:\WINDOWS\System32\drivers] 35 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\drivers\etc\hosts] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\drivers\etc\networks] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\drivers\etc\protocol] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\drivers\etc\services] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\ras] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\setup] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\ShellExt] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\wins] 100 0 0 0 0
OS Support Files [C:\WINDOWS\System32\dllcache] 35 0 0 0 0
OS Support Files [C:\WINDOWS\Config] 35 0 0 0 0
System Folder [C:\WINDOWS\System] 35 0 0 0 0
Network Configuration Files [C:\WINDOWS\security\templates] 100 0 0 0 0
Critical Drivers [C:\WINDOWS\Driver Cache] 35 0 0 0 0
OS Support Files [C:\WINDOWS\bootstat.dat] 35 0 0 0 0
OS Support Files [C:\WINDOWS\inf] 35 0 0 0 0
OS Support Files [C:\WINDOWS\repair] 35 0 0 0 0
(*) Program Files Folder [C:\Program Files] 35 1 0 0 0
Tripwire for Servers Configuration Files [C:\PROGRAM FILES\TRIPWIRE\TFS\Policy] 1,000 0 0 0 0
Tripwire for Servers Executables [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin] 1,000 0 0 0 0
Tripwire for Servers Executables [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\twagent.exe] 1,000 0 0 0 0
Tripwire for Servers Executables [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\tripwire.exe] 1,000 0 0 0 0
Tripwire for Servers Executables [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\twadmin.exe] 1,000 0 0 0 0
Tripwire for Servers Executables [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\twprint.exe] 1,000 0 0 0 0
Tripwire for Servers Executables [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\siggen.exe] 1,000 0 0 0 0
Tripwire for Servers Configuration Files [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\tw.cfg] 1,000 0 0 0 0
Tripwire for Servers Log and Support Files [C:\PROGRAM FILES\TRIPWIRE\TFS\Bin\twserver.cert] 1,000 0 0 0 0
Tripwire for Servers Configuration Files [C:\PROGRAM FILES\TRIPWIRE\TFS\DB] 1,000 0 0 0 0
Tripwire for Servers Configuration Files [C:\PROGRAM FILES\TRIPWIRE\TFS\Key] 1,000 0 0 0 0
Tripwire for Servers Log and Support Files [C:\PROGRAM FILES\TRIPWIRE\TFS\Docs] 1,000 0 0 0 0
System32 Folder [C:\WINDOWS\System32\CatRoot] 100 0 0 0 0
System32 Folder [C:\WINDOWS\System32\CatRoot2] 100 0 0 0 0
System32 Folder [C:\WINDOWS\System32\spool] 100 0 0 0 0
System32 Folder [C:\WINDOWS\System32\wbem\Logs] 100 0 0 0 0
System32 Folder [C:\WINDOWS\System32\wbem\Repository] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\System32\config] 100 0 0 0 0
Network Configuration Files [C:\WINDOWS\security] 100 0 0 0 0
Temporary Files Folder [C:\WINDOWS\temp] 15 0 0 0 0
Tripwire for Servers Log and Support Files [C:\PROGRAM FILES\TRIPWIRE\TFS\Report] 1,000 0 0 0 0

Total Objects: 7,107
Total Violations: 3

Section: Windows Registry

Rule NameSeverityAddedRemovedModifiedErrors
Hardware keys [HKEY_LOCAL_MACHINE\SYSTEM\Setup] 35 0 0 0 0
(*) Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 100 0 0 7 0
Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries] 100 0 0 0 0
Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TripwireAdminUtility_sys] 1,000 0 0 0 0
Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\TripwireAdminUtility_sec] 1,000 0 0 0 0
(*) Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Tripwire_sec] 1,000 0 0 2 0
Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\TripwirePrintUtility_sec] 1,000 0 0 0 0
(*) Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tripwire] 1,000 0 0 2 0
Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\TripwireAdminUtility] 1,000 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] 100 0 0 0 0
(*) Critical Security Account Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] 1,000 0 0 2 0
Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Audit\Sources\TripwireAdminUtility_sec] 1,000 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\Lanman Print Services] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\+ClearPageFileAtShutdown] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] 100 0 0 0 0
Hardware keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles] 35 0 0 0 0
Critical Security Account Keys [HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account] 1,000 0 0 0 0
Critical Security Account Keys [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account] 1,000 0 0 0 0
Local Admin Activity [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4] 1,000 0 0 0 0
Local Admin Login [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4\+F] 1,000 0 0 0 0
Local Admin Password Change [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4\+V] 1,000 0 0 0 0
Guest Account Activity [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5] 1,000 0 0 0 0
System Startup Executables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 1,000 0 0 0 0
System Startup Executables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx] 1,000 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers] 100 0 0 0 0
System Startup Executables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping] 1,000 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Network] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Embedding] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] 100 0 0 0 0
Security Information keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Hotfix] 100 0 0 0 0
Software keys [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc] 35 0 0 0 0
Software keys [HKEY_LOCAL_MACHINE\SOFTWARE\Clients] 35 0 0 0 0
Hardware keys [HKEY_LOCAL_MACHINE\hardware] 35 0 0 0 0
System Startup Executables [HKEY_CURRENT_USER\Control Panel\Desktop\+ScreenSaveActive] 1,000 0 0 0 0
System Startup Executables [HKEY_CURRENT_USER\Control Panel\Desktop\+ScreenSaverIsSecure] 1,000 0 0 0 0
System Startup Executables [HKEY_CURRENT_USER\Control Panel\Desktop\+ScreenSaveTimeOut] 1,000 0 0 0 0
Current User Registry keys [HKEY_CURRENT_USER\Environment] 15 0 0 0 0
System Startup Executables [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 1,000 0 0 0 0
Critical System Registry Keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] 100 0 0 0 0
Security Information keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions] 100 0 0 0 0
Current User Registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust] 15 0 0 0 0
Current User Registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 15 0 0 0 0
Current User Registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections] 15 0 0 0 0
Current User Registry keys [HKEY_CURRENT_USER\Software\Microsoft\RegEdt32] 15 0 0 0 0
Current User Registry keys [HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates] 15 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\AllFilesystemObjects] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\AppID] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\batfile] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\cmdfile] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\comfile] 35 0 0 0 0
(*) Class keys [HKEY_CLASSES_ROOT\Component Categories] 35 5 0 0 0
Class keys [HKEY_CLASSES_ROOT\Directory] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Drive] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\exefile] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\file] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\FILETYPE] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Filter] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Folder] 35 0 0 0 0
(*) Class keys [HKEY_CLASSES_ROOT\Interface] 35 189 0 0 0
Class keys [HKEY_CLASSES_ROOT\ldap] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\LDAPNamespace] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\lnkfile] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Media Type] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\MIME] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\NDS] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\NDSNamespace] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Pathname] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\PROTOCOLS] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\SecurityDescriptor] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Shell.Application] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Shell.Explorer] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\txtfile] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Unknown] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\WinNT] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\WinNTNamespace] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Network] 35 0 0 0 0
Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters] 100 0 0 0 0
Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] 100 0 0 0 0
Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters] 100 0 0 0 0
Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces] 100 0 0 0 0
Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Parameters] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] 100 0 0 0 0
Critical System Registry Keys [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList] 100 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\CLSID] 35 0 0 0 0
Class keys [HKEY_CLASSES_ROOT\Typelib] 35 0 0 0 0

Total Objects: 34,421
Total Violations: 207

Object Summary

Section: Windows File System

Rule: System32 Folder [C:\WINDOWS\System32]

Rule: Program Files Folder [C:\Program Files]

Section: Windows Registry

Rule: Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Rule: Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Tripwire_sec]

Rule: Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tripwire]

Rule: Critical Security Account Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]

Rule: Class keys [HKEY_CLASSES_ROOT\Component Categories]

Rule: Class keys [HKEY_CLASSES_ROOT\Interface]


Object Details

Section: Windows File System

Rule: System32 Folder [C:\WINDOWS\System32]

Start Point C:\WINDOWS\System32
Severity 100
Added Objects 2
Removed Objects 0
Modified Objects 0
Errors 0

Rule: Program Files Folder [C:\Program Files]

Start Point C:\Program Files
Severity 35
Added Objects 1
Removed Objects 0
Modified Objects 0
Errors 0

Section: Windows Registry

Rule: Service Registry Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Start Point HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Severity 100
Added Objects 0
Removed Objects 0
Modified Objects 7
Errors 0

Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tripwire_sys\+EventMessageFile

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tripwire_sys\+ParameterMessageFile

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\+Epoch

PropertyExpectedObserved
(*) CRC32 17c7c6f1 2e1fe4ef
(*) MD5 3e2f6479346ef30ed48eb842b9bfad52 3aec96904612449242ca6c30680e4cda


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{A88C54CD-8430-42F4-BDDC-3340D7F8FE62}\Parameters\Tcpip\+LeaseObtainedTime

PropertyExpectedObserved
(*) CRC32 3d730bd9 ea92f8fe
(*) MD5 eadb4a351e477e13c755595eea78325f c7c088208f83d477a9fc2cf7dd2b1189


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{A88C54CD-8430-42F4-BDDC-3340D7F8FE62}\Parameters\Tcpip\+LeaseTerminatesTime

PropertyExpectedObserved
(*) CRC32 a8824871 5565997b
(*) MD5 5f42a6b17294292c200994864b01a1f3 26fe2a672b345d4ff53abc2de1cb7ca1


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{A88C54CD-8430-42F4-BDDC-3340D7F8FE62}\Parameters\Tcpip\+T1

PropertyExpectedObserved
(*) CRC32 fdea8b74 2a0b7853
(*) MD5 be89eefc4588a65b998c9601cebf4764 17d1c250ce907abf18ce898980d781b4


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{A88C54CD-8430-42F4-BDDC-3340D7F8FE62}\Parameters\Tcpip\+T2

PropertyExpectedObserved
(*) CRC32 aaa93aa2 27a9e939
(*) MD5 c1556c94b34a4122d57972313f35c88d e32c94e33ac472b5ace00b5419dd912f


Rule: Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Tripwire_sec]

Start Point HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Tripwire_sec
Severity 1,000
Added Objects 0
Removed Objects 0
Modified Objects 2
Errors 0

Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Tripwire_sec\+EventMessageFile

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Tripwire_sec\+ParameterMessageFile

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Rule: Critical Tripwire Registry keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tripwire]

Start Point HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tripwire
Severity 1,000
Added Objects 0
Removed Objects 0
Modified Objects 2
Errors 0

Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tripwire\+EventMessageFile

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tripwire\+ParameterMessageFile

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Rule: Critical Security Account Keys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]

Start Point HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
Severity 1,000
Added Objects 0
Removed Objects 0
Modified Objects 2
Errors 0

Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\+LsaPid

PropertyExpectedObserved
(*) CRC32 8c8c3b4d b9702e91
(*) MD5 63b51f5f7d582c462f5ab3da40416d29 97d244d7c18a2693f2bd1b4eaef95b3c


Modified Object: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Audit\Sources\tripwire_sec\+ExecutableImagePath

PropertyExpectedObserved
(*) Data Length 94 84
(*) CRC32 e24b5d7b f4f72c07
(*) MD5 a10431f47ec483d3f06832f27648aaef 2c909c599acfa96754f0efc51bc16d88


Rule: Class keys [HKEY_CLASSES_ROOT\Component Categories]

Start Point HKEY_CLASSES_ROOT\Component Categories
Severity 35
Added Objects 5
Removed Objects 0
Modified Objects 0
Errors 0

Rule: Class keys [HKEY_CLASSES_ROOT\Interface]

Start Point HKEY_CLASSES_ROOT\Interface
Severity 35
Added Objects 189
Removed Objects 0
Modified Objects 0
Errors 0


Error Report

No Errors



Report generated by Tripwire(R) for Servers version 4.6.0.188 for Windows(R) Operating Systems

Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.