New Controls: Registry Keys with Multiple Values for Windows 2000, XP, 2003, Vista, 2008, and 7

Document created by malderman on Jun 21, 2011Last modified by malderman on Dec 1, 2011
Version 4Show Document
  • View in full screen mode

After a function update to provide extended evidence for Windows registry key paths and parameters, CRM 603449 was opened, identifying changes in the actual values for a few registry keys. These keys all have multiple values, which were comma separated as a single string in the old function.  The new function handles multiple values as a list string.  The following original controls will be replaced with new controls that use the new list string data type on December 14, 2011:


Original CID   New CID   Statement

1384               5209          Status of the 'Network Access: Named Pipes that can be accessed anonymously' setting

1385               5210          Status of the 'Network Access: Shares that can be accessed anonymously' setting

1438               5211          Status of the 'System settings: Optional subsystems' setting

1599               5213          Status of the 'Network Access: Remotely accessible registry paths and subpaths' setting

3817               5212          Status of the 'Network Access: Remotely accessible registry paths' setting (Windows 2003 and later)

3824               5214          Status of the 'Network Access: Remotely accessible registry paths' setting (Win2k, XP)


The original controls will no longer return valid data starting December 14, 2011 with the release of ML 6.0 on the scanner appliances, therefore, the new controls must be used.  We recommend adding the new controls to your policy and copying the expected value from the original control to the new control.  If your original expected values used commas to separate multiple values, they will need to be updated such that each string is its own line with a carriage return.


In addition, the original controls (1384, 1385, 1438, 1599, 3817, and 3824) will be deprecated with the release of QualysGuard 6.23 on December 13, 2011 in the US and December 15, 2011 in the EU.  The new controls (5209, 5210, 5211, 5213, 5212, and 5214) will be the replacement controls and new workflows will be introduced to replace these controls within your policies.