After a function update to provide extended evidence for Windows registry key paths and parameters, CRM 603449 was opened, identifying changes in the actual values for a few registry keys. These keys all have multiple values, which were comma separated as a single string in the old function. The new function handles multiple values as a list string. The following original controls will be replaced with new controls that use the new list string data type on December 14, 2011:
Original CID New CID Statement
1384 5209 Status of the 'Network Access: Named Pipes that can be accessed anonymously' setting
1385 5210 Status of the 'Network Access: Shares that can be accessed anonymously' setting
1438 5211 Status of the 'System settings: Optional subsystems' setting
1599 5213 Status of the 'Network Access: Remotely accessible registry paths and subpaths' setting
3817 5212 Status of the 'Network Access: Remotely accessible registry paths' setting (Windows 2003 and later)
3824 5214 Status of the 'Network Access: Remotely accessible registry paths' setting (Win2k, XP)
The original controls will no longer return valid data starting December 14, 2011 with the release of ML 6.0 on the scanner appliances, therefore, the new controls must be used. We recommend adding the new controls to your policy and copying the expected value from the original control to the new control. If your original expected values used commas to separate multiple values, they will need to be updated such that each string is its own line with a carriage return.
In addition, the original controls (1384, 1385, 1438, 1599, 3817, and 3824) will be deprecated with the release of QualysGuard 6.23 on December 13, 2011 in the US and December 15, 2011 in the EU. The new controls (5209, 5210, 5211, 5213, 5212, and 5214) will be the replacement controls and new workflows will be introduced to replace these controls within your policies.