Follow the steps below to create an application and rule in Snow Management and Configuration Center (SMACC) that locally identifies machines affected by the PKFail vulnerability.

Solution

Before a new application is added, ensure that the relevant raw data for the application in question is being reported.

There are several ways to filter out the data:

• The % character works as a wildcard character, which applies to all columns in the Unassigned Inventoried Software view.
  For example, if you know the name of the main executable file, you can type %\name_of_main_file.exe in the Executable Path text box.
• Alternatively, use the name and manufacturer to search by. Remember, the % character makes it easy to find what you are looking for.
  
  

Create an Application

1. Open Snow Management and Configuration Center, and log in with your username and password.
2. In the category menu, expand Software recognition (1), and then click Application definitions (2).
3. Click New Application (3). The New Application dialog box appears.

4. On the General Info tab, type the name of the application (1). This name will be displayed in Snow License Manager. For this example, the name will be "SECURITY - PKFailSensor:Positive."
5. Select the Manufacturer drop-down menu to choose a manufacturer from the list (2). If the manufacturer is unavailable in the list, click the three dots (...) button to open a dialog box where a new manufacturer can be added. For this example, the existing manufacturer, Flexera Software, Inc., is used.
6. Language should be set to Language Neutral and the Operating System set to Windows.

7. On the Settings tab, select the checkbox to enable This application requires no license. Leave the other checkboxes unchecked. There is no need to add the application family, version index, edition index, and release date.

8. Optionally, you can categorize the software by using the checkboxes in the Application Types tab. This will be displayed on the Information tab in Snow License Manager. It is also possible to see reports based on these values.

No changes are needed in the Part Numbers tab.

9. Click OK to save the new application. The new application appears in the Applications list.

Create rules

1. In the Applications list, select the newly created application (1), then click New Rule (2). The New Rule dialog box appears.
   
   
2. The script (Scan-PKFailSensor.ps1) will determine if the computer is affected and will report a software row to the Snow Inventory Agent for Windows when the computer is found positive. The row has the parameters Name = "SECURITY - PKFailSensor:Positive", Manufacturer = "Flexera Software LLC" and Path = "scan_reg"

On the Definition Tab, add the following details:

Software: SECURITY - PKFailSensor:Positive

Manufacturer: Flexera Software LLC

Version: %

Language: %

Executable Path: scan_reg

3. Select to enable the Collected from registry checkbox since the software row created by the script is created as a registry software row.
4. If you are happy with the rule created, Click OK to save and close the Rule dialog box. The rule will now appear in the right frame as a rule assigned to the SECURITY - PKFailSensor:Positive application.
   
   

After the Daily Update Job (DUJ) has run, the application will be visible in Snow License Manager. If the script has been deployed and computers have been affected, these will show under the computers tab for the application.

Optionally, you can add the application to the application denylist. This will highlight the application in red on the applications tab for affected computers. This will also include the application on the “Denylisted applications per computer” for extra visibility.