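/// <summary>
/// Internet Explorer vulnerability check.
/// Reads the IE version string from the registry and passes the item only when
/// its major component is 11 or higher.
/// </summary>
/// <param name="item">
/// Check item that receives the verdict in <c>Status</c>; on success the observed
/// version string is also stored under <c>Proofs["IeVersion"]</c>.
/// </param>
public static void Diagnosis_MA_001(CheckItem item)
{
    string value = GreyWnReg.GetRegistryValue("SOFTWARE\\Microsoft\\Internet Explorer", "svcUpdateVersion", GreyWnReg.Hive.LocalMachine);

    // Diagnosis_MA_005 null-checks the result of this same helper, so a missing
    // value is treated as possible here: report Negative instead of crashing.
    // NOTE(review): only the major component is compared, so any 11.x build
    // passes regardless of its update level - confirm that is the intended bar.
    int majorIeVersion;
    bool compliant = !string.IsNullOrEmpty(value)
        && int.TryParse(value.Split('.')[0], out majorIeVersion)
        && majorIeVersion >= 11;

    if (compliant)
    {
        item.Proofs["IeVersion"] = value;
        item.Status = Result.Fulfilled;
    }
    else
    {
        item.Status = Result.Negative;
    }
}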
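/// <summary>
/// Reads two AhnLab registry values under HKLM and passes the item only when
/// both are exactly "1". Each raw value is stored in <c>Proofs</c> as evidence.
/// </summary>
/// <param name="item">
/// Check item that receives the verdict in <c>Status</c> and the observed values
/// under <c>Proofs["sysmonuse"]</c> and <c>Proofs["AvMon"]</c>.
/// </param>
public static void Diagnosis_MA_008(CheckItem item)
{
    // HKEY_LOCAL_MACHINE\SOFTWARE\AhnLab\ASPack\9.0\Option\AVMON
    // NOTE(review): the key path is pinned to "9.0"; presumably another product
    // version leaves these values absent and the check then fails - confirm.
    string sysmonUse = GreyWnReg.GetRegistryValueEx("SOFTWARE\\AhnLab\\ASPack\\9.0\\Option\\AVMON", "sysmonuse", GreyWnReg.Hive.LocalMachine);
    // Indexer assignment (as in Diagnosis_MA_001) so re-running the check on an
    // item that already holds this key refreshes the evidence instead of throwing.
    item.Proofs["sysmonuse"] = sysmonUse;

    string avMon = GreyWnReg.GetRegistryValueEx("SOFTWARE\\AhnLab\\ASPack\\9.0\\ServiceStatus", "AvMon", GreyWnReg.Hive.LocalMachine);
    item.Proofs["AvMon"] = avMon;

    // The verdict is derived only from the values just read. Previously a Negative
    // status already present on the item was never cleared, so a re-check after
    // remediation could not reach Fulfilled.
    if (sysmonUse == "1" && avMon == "1")
    {
        item.Status = Result.Fulfilled;
    }
    else
    {
        item.Status = Result.Negative;
    }
}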
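/// <summary>
/// Checks the installation status of the security programs.
/// Collects <c>DisplayName</c> values from both HKLM uninstall keys and the names
/// of running processes, then records one proof per program. A missing APC agent,
/// SDPA, n5client or edpa counts as a finding; an installed BackOffice or
/// MiPlatform entry counts as a finding as well. Any finding, or any error while
/// collecting the data, sets the item to Negative.
/// </summary>
/// <param name="item">
/// Check item that receives the verdict in <c>Status</c> and the evidence in <c>Proofs</c>.
/// </param>
public static void Diagnosis_MA_005(CheckItem item)
{
    int findings = 0;
    bool failed = false;

    try
    {
        // Verbatim strings need single backslashes; the former @"...\\..." literals
        // contained doubled separators inside the key path.
        List<string> installedSoftware = new List<string>();
        Ma005CollectDisplayNames(@"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall", installedSoftware);
        Ma005CollectDisplayNames(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", installedSoftware);

        // APC check
        IEnumerable<string> apc = installedSoftware.Where(x =>
            Ma005ContainsIgnoreCase(x, "ahn")
            && Ma005ContainsIgnoreCase(x, "policy")
            && Ma005ContainsIgnoreCase(x, "agent"));
        if (Ma005RecordInstalled(item, apc) == 0)
        {
            item.Proofs["APC Agent"] = "미설치";
            findings += 1;
        }

        // NOTE(review): the next three checks match a substring of a running
        // process name. That shows a process with such a name exists, not that the
        // genuine agent is installed and enforcing; pair it with stronger evidence
        // if the result is relied on.
        List<string> processNames = Ma005SnapshotProcessNames();

        // Media control check
        if (Ma005RecordInstalled(item, processNames.Where(x => Ma005ContainsIgnoreCase(x, "SDPA"))) == 0)
        {
            item.Proofs["매체 제어(SDPA)"] = "미설치";
            findings += 1;
        }

        if (Ma005RecordInstalled(item, processNames.Where(x => Ma005ContainsIgnoreCase(x, "n5client"))) == 0)
        {
            item.Proofs["NetClient"] = "미설치";
            findings += 1;
        }

        if (Ma005RecordInstalled(item, processNames.Where(x => Ma005ContainsIgnoreCase(x, "edpa"))) == 0)
        {
            item.Proofs["데이터 유출 방지프로그램(DLP)"] = "미설치";
            findings += 1;
        }

        // The former test lower-cased the name and then searched for "BACKOFFICE" /
        // "MiPlatform", which can never match, so these two checks were dead.
        // NOTE(review): unlike the programs above, an installed entry is what
        // raises the finding here, exactly as the original branches were written -
        // confirm that this is the intended policy.
        int backOffice = Ma005RecordInstalled(item, installedSoftware.Where(x => Ma005ContainsIgnoreCase(x, "BACKOFFICE")));
        if (backOffice > 0)
        {
            findings += backOffice;
        }
        else
        {
            item.Proofs["BackOffice"] = "미설치";
        }

        int miPlatform = Ma005RecordInstalled(item, installedSoftware.Where(x => Ma005ContainsIgnoreCase(x, "MiPlatform")));
        if (miPlatform > 0)
        {
            findings += miPlatform;
        }
        else
        {
            item.Proofs["송장 출력 프로그램"] = "미설치";
        }
    }
    catch (Exception e)
    {
        // Fail closed: an aborted check must not be reported as Fulfilled, which
        // is what happened before when the error left the counter at zero.
        failed = true;
        MessageBox.Show(e.Message);
    }

    if (failed || findings > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}

// Appends every non-null DisplayName found below the given HKLM uninstall key.
private static void Ma005CollectDisplayNames(string uninstallKey, List<string> sink)
{
    string[] subkeys = GreyWnReg.GetSubKeyNames(uninstallKey, GreyWnReg.Hive.LocalMachine);
    if (subkeys == null)
    {
        // What the helper returns for an absent key is not visible here; a null
        // result is treated as "no entries".
        return;
    }

    foreach (string key in subkeys)
    {
        string displayName = GreyWnReg.GetRegistryValue(string.Join("\\", uninstallKey, key), "DisplayName", GreyWnReg.Hive.LocalMachine);
        if (displayName != null)
        {
            sink.Add(displayName);
        }
    }
}

// Returns the names of all processes visible to the caller, disposing each Process handle.
private static List<string> Ma005SnapshotProcessNames()
{
    List<string> names = new List<string>();
    foreach (Process process in Process.GetProcesses())
    {
        using (process)
        {
            names.Add(process.ProcessName);
        }
    }
    return names;
}

// Culture-independent, case-insensitive substring test; false for a null text.
private static bool Ma005ContainsIgnoreCase(string text, string fragment)
{
    return text != null && text.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0;
}

// Stores each match as "installed" evidence and returns how many matches there were.
private static int Ma005RecordInstalled(CheckItem item, IEnumerable<string> matches)
{
    int count = 0;
    foreach (string name in matches)
    {
        // Indexer assignment tolerates repeated names (several processes sharing a
        // name, or a re-run on the same item) without swallowing exceptions.
        item.Proofs[name] = "설치";
        count += 1;
    }
    return count;
}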