Gold Image Baseline

Is it possible to have a full gold image as a baseline and automatically have endpoints compare themselves to the image at scheduled intervals and download missing or corrupt files?

Assuming you are referring to Windows machines… Windows images are stored as .wim files as opposed to individual files, so this would not be possible. At least not leveraging normal out-of-the-box capabilities. If you suspect that the endpoint has been compromised in some fashion (potentially a long topic there), it should be possible to initiate a full re-image (or even bare metal by changing boot order with a fixlet, then rebooting the endpoint into bare metal mode) via the BigFix REST API.

Thank you for a fast response! The OS is Windows but the machines are ATMs. If an out-of-the-box gold image baseline is not possible, what custom actions can we take? We are also facing some Microsoft competition, so does SCCM or other MS software provide such a capability?

MS does not do this as far as I am aware. The Windows image is a .wim so to do this the .wim would have to be extracted and placed somewhere and then every file hash is calculated and then compared to what is on the ATM (or vice versa). This is not what BigFix is built for quite frankly. Could we do it? I would say we can do just about anything, but should we do it… that is a no as far as I am concerned. I would take the approach of having a monitoring tool alert BigFix when something is wrong and then we could automatically re-image the ATM. My 2 cents given the info provided.

Given that these are ATMs, are you running some version of Windows Embedded on them? Windows Embedded editions allow for scenarios like a read-only filesystem (executing from CD-ROM or ROM flash memory) which can help reduce tampering, reduced component installation to minimize attack surface and compatibility considerations, etc.

For full filesystem integrity checks, have you looked into Microsoft’s "File Content Integrity Verifier" (fciv.exe) tool? This tool can calculate hashes of a directory or filesystem, and save the results to an output XML file for comparison later.
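
Added example, not part of any post in this thread and not BigFix or Microsoft code: a Python sketch of the hash-manifest comparison the replies describe (hash every file of an extracted gold image, save the result, then compare an endpoint against it). The function names, the JSON manifest format and the two command-line arguments are assumptions of this example; it only reports drift and leaves remediation, such as the re-image suggested above, to whatever tool schedules it.

```python
# Added illustration: function names, manifest format and CLI arguments are assumptions.
import hashlib
import json
import os
import sys


def hash_file(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, case-folded on Windows) to its digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.normcase(os.path.relpath(full, root)).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


def compare_to_baseline(baseline, current):
    """Classify drift; a path absent from current counts as missing, not modified."""
    return {
        "missing": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p, h in baseline.items() if current.get(p, h) != h),
        "unexpected": sorted(current.keys() - baseline.keys()),
    }


if __name__ == "__main__":  # usage: script.py GOLD_MANIFEST.json ENDPOINT_ROOT
    report = compare_to_baseline(load_manifest(sys.argv[1]), build_manifest(sys.argv[2]))
    print(json.dumps(report, indent=2))
    sys.exit(1 if any(report.values()) else 0)
```

Build the gold manifest once from the extracted image with `build_manifest` and `save_manifest`, and keep it off the endpoint or verify it before use, since a manifest stored beside the files it describes can be altered along with them.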