Today I have a great opportunity to write about MaxPatrol 8. For me it is a very nostalgic experience. I worked for many years at Positive Technologies developing this product. And now I can write about it from the customer side.
MaxPatrol is still not very well known outside Russia and the CIS, although the product is available in English and even has a Korean localization. So why not introduce it to the readers of my blog? The other reason to write this post is the pretty common opinion that MaxPatrol is very hard to install and use, and that this is the main disadvantage of the product. In fact, that is not true.
MaxPatrol is not perfect, like any other product. But it’s no more complex than any other enterprise-level Vulnerability Management product. That is my considered opinion after working with a number of other vulnerability and compliance assessment products. The GUI may look unfamiliar at first glance, but you can quickly get used to it.
As for the functional capabilities, in some cases it is even difficult to compete with MaxPatrol. Here are the most interesting features:
- Advanced White Box assessment:
- Extended OS inventory
- Software license control
- User control
- Password recovery (hash brute-force)
- Security checks for running services
- Advanced Compliance scanning capabilities
- Special assessment modules:
- SAP ERP
- Core telecom networks
- Forensic mode – security incidents detection based on event logs analysis
The first blog post will be about MaxPatrol installation.
The MaxPatrol 8 setup file is about 700-800 Mb. It should be installed on a Windows server machine. Recommended requirements for the server:
2*2,4 GHz processor, 8 Gb RAM, 50 Gb hard drive, Microsoft Windows Server 2012 R2 (x64) or higher.
If you use Linux, you may have a problem: how do you connect to the Windows machine and upload the MaxPatrol distribution there? You can use this rdesktop command:
rdesktop -u windows_user -p windows_password -g 1200x950 -r clipboard:PRIMARYCLIPBOARD -r disk:share=/home/linux_user/MaxPatrol_Distrib/ windows_host
When you connect to the host, you will see the files from the MaxPatrol_Distrib directory in your Windows network.
Warning! Most likely you will use MaxPatrol protected with a USB token, and if you connect to a Windows machine using rdesktop, the MaxPatrol installer probably won’t see the token. So you may use rdesktop to copy the MaxPatrol distribution file and then connect to the Windows machine using VNC, for example with the Remmina Linux VNC client, to perform the installation. After that, you will be able to manage MaxPatrol using rdesktop only.
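A password typed after -p ends up in shell history and can be visible to other local users in the process list; rdesktop accepts `-p -` to prompt for it at startup instead. The wrapper below is an added example, not part of the original post: the function names are hypothetical, and the user, host and directory in the usage line are the placeholders from the command above.

```shell
# Added example: same rdesktop options as above, without the password in argv.
# rdesktop_args and connect_maxpatrol_host are hypothetical helper names.

# Print the rdesktop argument list, one argument per line.
# $1 = Windows user, $2 = Windows host, $3 = local directory to share
rdesktop_args() {
    user=$1 host=$2 share_dir=$3
    [ -n "$user" ] && [ -n "$host" ] || {
        echo "usage: rdesktop_args USER HOST SHARE_DIR" >&2; return 2; }
    # -r disk exposes this directory to the remote session, so insist
    # on an existing directory instead of passing a typo through.
    [ -d "$share_dir" ] || {
        echo "no such directory: $share_dir" >&2; return 1; }
    # "-p -" makes rdesktop ask for the password at startup (echo off).
    printf '%s\n' -u "$user" -p - -g 1200x950 \
        -r clipboard:PRIMARYCLIPBOARD \
        -r "disk:share=$share_dir" "$host"
}

# Build the arguments and start the session.
# Assumes the share path contains no newline characters.
connect_maxpatrol_host() {
    command -v rdesktop >/dev/null 2>&1 || {
        echo "rdesktop is not installed" >&2; return 127; }
    args=$(rdesktop_args "$@") || return
    nl='
'
    old_ifs=$IFS; IFS=$nl; set -f   # split on newlines only, no globbing
    set -- $args
    set +f; IFS=$old_ifs
    rdesktop "$@"
}

# Usage:
#   connect_maxpatrol_host windows_user windows_host /home/linux_user/MaxPatrol_Distrib/
```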
Here is the MaxPatrol 8 installer:
Welcome to the MaxPatrol installation wizard.
Accept the license agreement.
MaxPatrol will be installed in C:\Program files\Positive Technologies\MaxPatrol
Choose installation type: full install or install MaxPatrol server/console only:
Link in the Start menu (Positive Technologies\MaxPatrol):
Server configuration: name and port (2002 by default) of our new MaxPatrol server, update server configuration (update.maxpatrol.com:443 by default). MaxPatrol 8 can also use a proxy to connect to the update server.
Hash of the certificate:
Here you can create the Administrator account: login and password.
MaxPatrol can use the built-in SQLExpress database or SQL Server. For testing, SQLExpress is more than enough.
System requirements: operating system, free space on hard drive, monitor resolution and libraries are OK. The only thing I don’t have is Microsoft .NET Framework. If I click “Error”, the MaxPatrol installer will download and install it.
We are ready to install. As you can see, our license “F1295F084..” is built into the installer.
Starting screen of MaxPatrol 8 console:
The server will be updating for some time, and then we will see the login window:
And finally, here is the GUI of MaxPatrol 8 in English:
The whole interactive installation process is pretty straightforward and takes less than 15 minutes!