Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »


Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date



Problem

When running an Assessor scan against a Windows target, the scan stops unexpectedly while gathering networking parameters.

When Assessor is run with INFO-level logging, the /logs/assessor-cli.log file contains the following entry indicating the scan halts at the collect_ipconfig step:

INFO org.cisecurity.session.impl.BaseSession - Starting Execution for Command --> 
""C:\Windows\Temp\ccpa-temp-20220927T155943132\ciscat.exe" "collect_ipconfig""
ERROR org.cisecurity.wrapper.SessionUtilities - Exception Creating Session!
org.xml.sax.SAXParseException: Content is not allowed in prolog.

Solution

This particular issue can be caused by network interfaces (virtual or physical) that return insufficient data for the assessment to proceed.

To verify, open an administrative PowerShell terminal on the target Windows system and run the following Get-WmiObject command:

Get-WmiObject -Namespace "root\cimv2" -Query "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IpEnabled='True'" | Select-Object Description, Index, IPAddress, MACAddress | ConvertTo-Csv -NoTypeInformation

The resulting output will indicate which adapters are affected, if any.

In the below example, the "Appgate Tunnel" interface does not return a corresponding MAC address value:

"Description","Index","IPAddress","MACAddress"
"Intel(R) Wi-Fi 6 AX201 160MHz","1","System.String[]","88:D8:2E:07:FC:C9"
"VirtualBox Host-Only Ethernet Adapter","5","System.String[]","0A:00:27:00:00:03""
"Appgate Tunnel","16","System.String[]", 

To allow the scan to complete, temporarily disable the affected interface in the system settings. The query used by Assessor only collects this data from adapters with enabled TCP/IP bindings.

Once the scan completes, the interface can be re-enabled.

Keywords;

Content by Label


Copyright © 2022

Center for Internet Security®


  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.