Resolution
What files and registry entries does Security Manager create or modify during an agent installation?
goal
What DLLs and registry keys does Security Manager install or update on an agent computer?
goal
What files or registry settings are landed on an agent?
fact
Security Manager 5.5
fix
The following lists describe the files and registry entries that Security Manager installs on an agent.
Unregistered files installed in the OnePoint folder:
boost_regex_vc7_mdi.dll
correlationutil.dll
dbghelp.dll
eemguicommon.dll
heapmgr.dll
icudt26l.dll
icuin26.dll
icuuc26.dll
keyutils.exe
killproc.exe
lea.conf
lea_fields.conf
leatest.bat
leatest.exe
libexpat.dll
libexpatw.dll
lmconsumer.dll
manualagenttool.exe
mcsactivescripteng.dll
monitorgui.dll
msvcp71d.dll
msvcr71d.dll
nqlog.dll
ns.dll
opsec_pull_cert.exe
opsec_putkey.exe
pdh.dll (NT4 only)
ppf_shared.dll
ppm.dll
psapi.dll
psc.dll
sm_wp.exe
smauxiliary.exe
smcommon.dll
smconfiguredcom.exe
smcore.dll
smcpeventconverter.conf
smcpeventconverter.exe
smmigrateagent.exe
smmsgs.dll
smpixputty.exe
smqueuedump.exe
smzlib.dll
snmpextnagent.dll
windowsproxyprovider.cab
Registered files installed in the OnePoint folder:
ce.dll
cmcom.dll
cmsupportcom.dll
defaultcollection.dll
eemapplogprovider.dll
eembulkinsertion.dll
eembulkinsertionwrapper.dll
eemciscoids.dll
eemknowledgebase.dll
eemlicense.dll
eemntevent.dll
eemperformanceprovider.dll
eemresponses.dll
eemscripteng.dll
eemscriptobjects.dll
eemtimedevtprovider.dll
eemwf.dll
eemwminumericprovider.dll
eemwmiprovider.dll
mcslicense.dll
mcsscriptcommon.dll
mcsscripteng.dll
mcsvarset.tlb
metadata.dll
nqsmsvc.exe
omsvrhelper.exe
onepointservice.tlb
oomads.dll
queuemanager.exe
ruleobjects.dll
smcom.dll
smcorrelationprovider.dll
smcpeventmon.dll
smdbcollector.dll
smissdbevents.exe
smprogrammableprovider.dll
smscutil.dll
varset.dll
Registered file installed in the Windows\System32 folder:
regobj.dll
System files that might be updated:
ATL71.dll
Msvcr71.dll
Mfc71.dll
Mfc71u.dll
Mfc71chs.dll
Mfc71cht.dll
Mfc71deu.dll
Mfc71enu.dll
Mfc71esp.dll
Mfc71fra.dll
Mfc71ita.dll
Mfc71jpn.dll
Mfc71kor.dll
Msvcp71.dll
Gdiplus.dll
Windows NT4 security templates installed in the Windows\Security\Templates folder:
customauditwin2000.inf
customauditwin2003.inf
customauditwinnt.inf
customauditwinxp.inf
customscm.inf
Registry keys created for unmanaged agents that are manually installed:
[HKEY_CLASSES_ROOT\Interface\{B4B7CFB1-AD9E-11D8-AE3B-005056C00008}]
@="IVarSet"
[HKEY_CLASSES_ROOT\Interface\{B4B7CFB1-AD9E-11D8-AE3B-005056C00008}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{B4B7CFB1-AD9E-11D8-AE3B-005056C00008}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{B4B7CFB1-AD9E-11D8-AE3B-005056C00008}\TypeLib]
@="{B4B7CF9D-AD9E-11D8-AE3B-005056C00008}"
"Version"="1.0"
[HKEY_CLASSES_ROOT\CLSID\{90568F9B-18E1-43BE-851D-8FBA89420AA7}]
"AppID"=""
[HKEY_CLASSES_ROOT\CLSID\{90568F9B-18E1-43BE-851D-8FBA89420AA7}\InprocServer32]
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{90568F9B-18E1-43BE-851D-8F.
BA89420AA7}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{90568F9B-18E1-43BE-851D-8FBA89420AA7}\TypeLib]
@="{53FE8AD3-C737-425B-B3B3-7CFB3CE4FA18}"
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ]
"TraceDirectory"="%default%"
"TraceFile"="%default%"
"TraceLevel"=dword:FFFFFFFF
"TraceLinePrefix"="ToolFormat"
"TraceInitSeconds"=dword:0000005A
"TraceCircularLines"=dword:00002710
"TraceMinFreeMeg"=dword:00000014
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager]
"OnePointDir"="[INSTALLDIR]OnePoint"
"ManualAgent"="[SM_MANUALAGENT]"
"AuditPolicySet"=dword:00000000
"MigrationOldFilesDeleted"=dword:00000000
"MigrationAttempts"=dword:00000000
"MigrationStatus"=dword:00000001
"MigrationErrorCode"=dword:00000000
"MigrationErrorDetails"=""
"BootStartupDelay "=dword:0000003C
"CrashOnAllocationFailure"=dword:00000000
"AutoRestart"=dword:00000001
"ServiceVersion"="[ProductVersion]"
"DataDir"="[AppDataFolder]NetIQ\\Security Manager\\"
"InstallSubDir"="[INSTALLDIR]"
"Hotfixes"="[Hotfixes]"
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Operations]
"DisableLeakyPerfCounters"="AUTO"
"DisableVerbosePerformanceCounters"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Operations\MemTrace]
"OutputDir"="[INSTALLDIR]OnePoint"
"DoStackLogging"=dword:00000000
"TakeSnapshot"=dword:00000000
"DumpSinceSnapshot"=dword:00000000
"DumpAndTakeSnapshot"=dword:00000000
"StartStackLogging"=dword:00000000
"StopStackLogging"=dword:00000000
"SnapshotWithLogging"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\FileHistory]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations]
"ConfigGuid"="{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]]
"ConfigGuid"="{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\MCSApplications]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\MCSApplications\Operations Agent]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\MCSApplications\Operations Agent\Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\MCSApplications\Operations Agent\Objects\{B4B7C7E4-AD9E-11D8-AE3B-005056C00008}]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\MCSApplications\Operations Agent\Objects\{B4B7C9A5-AD9E-11D8-AE3B-005056C00008}]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\Operations]
"DataDirectory"="%default%"
"MissingEventStartupWait"=dword:0000012C
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONG.
ROUP]\Operations\Agent]
"MaxAlertCount"=dword:000001F4
"ResponseQueueUnits"=dword:0000000A
"ResubmitQueueBatchSize"=dword:00000064
"ExternalSubmitQueueUnits"=dword:0000000A
"MaxFileSize"=dword:00000BB8
"NumResponseThreads"=dword:00000005
"ArchivalLogMaxFileSize"=dword:00007530
"IsForwarder"=dword:00000000
"AttributeCollection"=dword:00015180
"DisableRealtimeSIDTranslation"=dword:00000000
"PPMStoreCheckIntervalMillis"=dword:00007530
"PPMStoreProvidersRootFolderPath"="OnePoint\\Providers"
"PPMStoreIncomingFolderPath"="IncomingPrgProviders"
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\Operations\Agent\Consolidators]
"Consolidator 1 Host"="[SM_CENTRALCOMPUTER]"
"Consolidator 1 Port"=dword:[SM_SECUREPORT]
"Consolidator 1 Secure Port"=dword:000004F6
"PeerCount"=dword:00000001
"SecurityLevel"=dword:[SM_SECURITYLEVEL]
"EventQueueUnits"=dword:0000001E
"AlertQueueUnits"=dword:0000000F
"PerfQueueUnits"=dword:0000002D
"PacketRetryTime3"=dword:00007530
"PacketRetryCount2"=dword:00000032
"PacketRetryTime2"=dword:00001388
"PacketRetryCount1"=dword:00000014
"PacketRetryTime1"=dword:000003E8
"FailbackInterval"=dword:0000EA60
"LoadBalance"=dword:00000001
"PacketsPerSession"=dword:00000003
"CorrDelay"=dword:0000001E
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\Configurations\[SM_CONFIGURATIONGROUP]\Operations\Agent\LookupParams]
"MissedCacheExpiry"=dword:00000005
"HitCacheExpiry"=dword:0000001E
"CacheCleanupFrequency"=dword:0000003C
"ActiveDirectoryServerName"=""
"LookupServerName"=""
"UseGlobalCatalogForLookup"=dword:00000000
"ADSearchForDeletedObjects"=dword:00000001
"ADSearchTimeoutInSec"=dword:00000002
"RaiseEventForWrongSIDMetadatamap"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\SNMP]
"Pathname"="[INSTALLDIR]OnePoint\\SNMPExtnAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\SNMP\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\AccessControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\AccessControl\{B4B7C9A5-AD9E-11D8-AE3B-005056C00008}]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\AccessControl\{B4B7C9A5-AD9E-11D8-AE3B-005056C00008}\{B4B7C9A3-AD9E-11D8-AE3B-005056C00008}]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\CommandList]
[HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\Security Manager\CommandList\ScriptKey]
"Command"="Installed by MAI"
"Executed"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\QueueManager]
"TypesSuppor.
ted"=dword:00000007
"EventMessageFile"="[INSTALLDIR]OnePoint\\SMMsgs.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Security Manager]
"EventMessageFile"="[INSTALLDIR]OnePoint\\SMMsgs.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]
"SMExtnAgent"="NetIQ\\Security Manager\\SNMP"
note
This list does not include log files and queue files that may get created at runtime.