Windows Change Management
In Windows systems, there are constant changes happening to files, folders and registry entries. Though many of these changes are due to normal processes like patch updates or system modifications, some of the changes could be the result of viruses or malicious hacker attacks that can introduce critical vulnerabilities to these Windows systems, that cause system downtime.
It therefore becomes imperative that some of the critical files, folders and registry entries are periodically monitored and the changes are kept track off during the normal vulnerability scan cycle. Change tracking and management aids largely in providing insights on the status of the entities (like files, folders or registry entries) and helps comparing against a preset baseline. This ensures IT Security staff that everything is in order and gives them control over vulnerabilities creeping into Windows systems due to unwarranted file/folder/registry changes.
In Security Manager Plus, Change Management of Windows machines is governed by Profiles. Profiles are nothing but custom templates that are defined by users to capture a list of important files, folders and registry entries that need to be periodically tracked for changes during every scan. Change tracking can be done on Assets or Asset Groups. Multiple profiles can be associated to the same asset or asset group.
By default, the details obtained from a File or a Folder or the values for a Registry key after the first scan on an asset, will be treated as the Baseline value for various parameters being tracked. However, this can be altered at any time and a baseline can be set to be a changed value.
Setting baselines is applicable for every entry under each category (files, folders or registry).