Configure a Windows File Integrity Check control to check changes to a Windows file. You tell us the file to be evaluated and the hash type for computing the file hash. With the first scan, we'll establish a baseline and with each subsequent scan we'll monitor the file for changes.
The statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You'll also need to decide which category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement.
The scan parameters are used to gather data needed for compliance evaluation at scan time. Click Add Parameters, and make these settings:
File path - This is the path to the file to be evaluated.
Hash Type - This identifies the algorithm to be used for computing the file hash. The supported hash types are: MD5 (insecure competitive matching only) 16-byte digest, SHA1 (insecure competitive matching only) 20-byte digest, and SHA256 (Secure) 32-byte digest.
Description - The control description will appear in compliance policies and reports. If you change the description at a later time, the description will be updated for all controls that use the same set of parameters.
Your control may apply to many technologies. Select each technology you're interested in and provide a rationale statement and expected value.
Time Saving Tip - If you plan to enter the same settings for each technology you only need to do it once. Make your selections in the "Default Values for Control Technologies" section first and then select the check box for each technology you want. You'll see that the settings get copied automatically to each technology that you select.
Make these settings:
Rationale - Enter a rationale statement describing how the control should be implemented for each technology.
Operator - (View only) The operator "regular expression" is used to compare the results to the default value, which is specified as a regular expression.
Default Value - You have these options for setting the expected value:
Manually set the value - The initial regular expression value for a file integrity control is .* (period asterisk) for "any value". Once you've run a scan using the control, and generated a compliance report, you can copy the actual value from the resulting report into the Default Value field of the control.
Automatically set the value - Choose the "Use scan data as expected value" option and we’ll set the expected value for you based on the actual value returned by the scan. Learn more
Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://. For example, enter http://www.qualys.com to link to the Qualys web site. Once added users have the option to include references in policy reports.
Ready to scan?
You must select this setting in the option profile you apply to your scan: Enable Dissolvable Agent. When editing your profile, you'll see this setting under Dissolvable Agent (in the Scans section).