On Fri, 22 Jul 2011 03:11:07 -0700 (PDT), GeorgeY wrote:
ossec-agent: ERROR: Unable to execute command: 'reg QUERY HKLM\SYSTEM
\CurrentControlSetEnum\USBSTOR'.
I am guessing Win2k machines do not have this key. However, is there
a
way to make it ignore if the key doesn't exist so that the OSSEC
service can continue to start?
Untested, but this may work to stop it from executing on Windows 2000:
ver | find "Windows 2000" >nul || reg QUERY
HKLM\SYSTEM\CurrentControlSetEnum\USBSTOR
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
