Skip navigation
3024 Views 7 Replies Latest reply: May 24, 2012 5:20 AM by Jason Creech RSS
Nitin Gopinathan Level 1 11 posts since
Apr 19, 2012
Currently Being Moderated

May 1, 2012 8:59 AM

Compliance Scan result - Item not found

Hi,

 

I have created custom controls to check whether the Screensaver on a machine is enabled and whether it is password protected. I have added these controls to a policy which only contains these two controls. Everytime I run a scan against assets which were assigned to the this particular, both the controls fail and the message in the scan reports says "Error Code 2: Item not found".

 

I have verified that these keys do exist in the registry of the target machines. Can someone please tell me where I'm going wrong? I've searched through some websites but nothing has been of help as yet.


  • Jason Creech Level 3 124 posts since
    May 28, 2010
    Currently Being Moderated
    May 1, 2012 10:40 AM (in response to Nitin Gopinathan)
    Compliance Scan result - Item not found

    Hi Nitin,

     

    I would need a litle more information on how you built the control to know where the issue might lie.  I have listed some of the more common issues below.

     

    The most common issue I see occurs when UDC for Registry Value Content controls are made and the registry information is entered incorrectly.  The hive is already specified, followed by the registry key, and the registry value goes on the next line.

     

    HKLM

    SYSTEM\CurrentControlSet\services\Symantec AntiVirus

    Start

     

    You would then enter the expected service start type in the controls expected value for the appropriate technology.

     

    The most common error is when customers re-enter HKLM on the second line, or enter beginning and ending backslash which is incorrect.  Occasionally, I will see customers put the registry value, as in "Start" on the second line which is incorrect.  The registry value should go on the third line.

     

    Here is a screen snippet of a registry key entry example.

     

    Registry UDC Construction.jpg

    If you paste the registry key you are trying to check in this thread, I can take a look and paste a screenshot of the correct construction.  Also, I can check and see if the control might already exist in production or if it is in QA.  Let me know which Windows flavors you are trying to audit as well.

     

    Also, which region are you in? Email me your contact information to jcreech@qualys.com as well.

     

    Best regards,

     

    Jason Creech

    Qualys

    jcreech@qualys.com

    • Jason Creech Level 3 124 posts since
      May 28, 2010
      Currently Being Moderated
      May 24, 2012 5:20 AM (in response to Nitin Gopinathan)
      Compliance Scan result - Item not found

      On a side note, I have seen where the person's account used to test for the configuration value has access to one configuration value but the credentials used to scan have a different permission level and "see" a different configuration value due to Resultant Set Of Policy (RSOP) encountered with Group Policy use.

       

      This can cause confusion when trying to troubleshoot the issue since the data viewed from the different account permsission levels results in different data being displayed.

       

      Best regards,

       

      Jason Creech

      Qualys

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 6 points