Custom Vulnerability Check

Hello! Can someone please help with a hint?
I’m using the following custom vuln check but I get this error message when I check the results.

I’m not sure what is wrong here.

I know this is a really old topic but I can’t just leave these check questions unanswered. In this case the “scope” can only be endpoint or node based on the XML schema validation.

xmllint --noout --schema xsd/vulnerability-check.xsd remote-checks/cmty-macro-enabled-excel.vck
remote-checks/cmty-macro-enabled-excel.vck:1: element VulnerabilityCheck: Schemas validity error : Element 'VulnerabilityCheck', attribute 'scope': [facet 'enumeration'] The value 'check' is not an element of the set {'endpoint', 'node'}.
remote-checks/cmty-macro-enabled-excel.vck fails to validate

So going with something like setting scope to endpoint should validate properly.

  • endpoint: Typically used if the check is meant for a specific device or host.
  • node: Usually used if the check is for a network or broader scope.

<VulnerabilityCheck id="macro-enabled-excel" scope="endpoint">
  <WindowsRegistry>
    <registryKey name="HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\excel\security\XI4MacroWarningFollOwVBA" mustNotBePresent="1">
      <registryValue name="Macro Enabled">
        <regex cflags="REG_ICASE">.*</regex>
      </registryValue>
    </registryKey>
  </WindowsRegistry>
</VulnerabilityCheck>

xmllint --noout --schema xsd/vulnerability-check.xsd remote-checks/cmty-macro-enabled-excel.vck
remote-checks/cmty-macro-enabled-excel.vck validates
1 Like
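
Added example, not part of the original posts or of the product's tooling: a small pre-flight lint for `.vck` files that checks only the `scope` enumeration reported in the xmllint error above, for use when the XSD is not at hand. The function names `lint_vck` and `lint_many` and the sample file names are hypothetical, and the samples are constructed from the check in the thread, trimmed to its root element.

```python
import xml.etree.ElementTree as ET

# Allowed values, taken from the xmllint error quoted in the thread.
ALLOWED_SCOPES = ("endpoint", "node")

def lint_vck(xml_text, name="<inline>"):
    """Return a list of problems with the scope attribute (empty list = none found)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"{name}: not well-formed XML ({exc})"]
    if root.tag != "VulnerabilityCheck":
        return [f"{name}: root element is '{root.tag}', expected 'VulnerabilityCheck'"]
    scope = root.get("scope")
    if scope is None or scope in ALLOWED_SCOPES:
        # Whether scope is mandatory is not shown in the thread, so absence is not flagged.
        return []
    msg = f"{name}: scope '{scope}' is not one of {', '.join(ALLOWED_SCOPES)}"
    # XSD enumerations compare exactly: case and surrounding whitespace matter.
    guess = scope.strip().lower()
    if guess in ALLOWED_SCOPES:
        msg += f"; did you mean '{guess}'?"
    return [msg]

def lint_many(docs):
    """Lint a {name: xml_text} mapping; return only the entries with problems."""
    report = {}
    for name, text in docs.items():
        problems = lint_vck(text, name)
        if problems:
            report[name] = problems
    return report

# Constructed samples (not real files): the thread's check with different scope values.
TEMPLATE = ('<VulnerabilityCheck id="macro-enabled-excel" scope="{}">'
            '<WindowsRegistry/></VulnerabilityCheck>')
SAMPLES = {
    "ok.vck": TEMPLATE.format("endpoint"),
    "bad-value.vck": TEMPLATE.format("check"),      # the value from the error message
    "bad-case.vck": TEMPLATE.format("Endpoint"),    # wrong case fails an enumeration too
    "broken.vck": "<VulnerabilityCheck scope='node'>",  # unclosed element
}

if __name__ == "__main__":
    for problems in lint_many(SAMPLES).values():
        print("\n".join(problems))
```

This does not replace the full `xmllint --schema` run shown above; it only catches the scope mistake early.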