C3 - Free Community Content - 7/7 Release Notes (EMET 5.5 Compatibility Workaround Inc.)

Hello!

I am pleased to announce a small update to the C3 set of projects.

For information on the C3 set of projects (and how to set it up with your BigFix Environment) please see the announcement post: C3 - Free BigFix Community Content Libraries. This content is provided by the community, maintained by me and anyone who contributes to the repositories on GitHub. This is not IBM provided or supported content.

Overview

This release includes some new analyses for the C3 Inventory and C3 Protect sites and some additional EMET content. Due to a number of issues with recent Microsoft patches KB3145706, KB3147071, and KB3153171, we have included EMET rules that do not have any EAF mitigations. This fixes issues with applications not launching on Windows 7 x86 with EMET 5.5.

  • C3 Inventory - 49 Analyses (2 New), 15 Fixlets
  • C3 Patch - 59 Supported Applications
  • C3 Protect - 27 (1 New) Analyses, 69 Fixlets (2 New)
  • C3 Platform Kickstart - 26 Fixlets, 2 Analyses
  • C3 Remote Control - 7 Fixlets, 7 Analyses

C3 Inventory

Analyses:

  • “Scheduled Tasks - Windows” - Provides information (Path, Last Run Time, Next Run Time, Last Result, State, If it runs on idle, who it is set to Run As, and if there is an embedded password) for currently configured Windows Scheduled Tasks
  • “NTP - Windows” - Provides information on the currently configured time source in Windows

C3 Protect

Fixlets:

  • “Config - EMET Rules - Enable Microsoft Application Mitigations without EAF - Windows” - Same as default rules except the EAF mitigations are removed.
  • “Config - EMET Rules - Enable Popular Third-Party Mitigations without EAF - Windows” - Same as default rules except the EAF mitigations are removed.

Analyses:

  • “Audit Policy - Windows” - Provides information on Account Lockout, Account Policy and various system audit logging

Summary

To learn more about C3 please see the original announcement.
