Frequently Asked Questions

What is SekChek?

Who uses SekChek, where are your clients?

How can SekChek help with our compliance efforts, such as SOX and HIPAA?

What computer platforms does SekChek support?

Where can I obtain a sample SekChek report?

What impact will SekChek have on my system?

Where do SekChek’s Industry Averages come from?

I heard SekChek can measure security against various standards. Tell me more!

Can SekChek compare security over time and system?

Can SekChek produce an audit trail of changes since the previous scan?

Can we exchange encrypted email (S/MIME, SSL or TLS) with SekChek?

How secure are the encrypted SekChek files and reports?

What are your plans for SekChek?

What is the difference between the Client software, Scan software & Processing Engine?

How do I install SekChek?

How do I run a Scan?

What files does SekChek use and create?

What are the differences between the Classic and Local tools?

What are the licensing and usage restrictions on the software?

How do I know that your software has not been tampered with?

Where can I find details of SekChek’s digital certificate and public key?

Can I pre-authorise Token Requests?

Can SekChek analyse Registry keys and NTFS permissions?

What are the minimum hardware and software requirements to run a SekChek Local Scan?

How long does SekChek take to run?

What is the largest system analysed by SekChek?

Does SekChek accurately report on users’ last logon times?

Does SekChek publish technical research / white paper documents?

Does SekChek provide other security tools and utilities?

Do you have a Non-Disclosure Agreement (NDA)?

How do I get technical support for your products?

What other organisations provide information about SekChek?

How green is SekChek?


Customer Accounts, Pricing, Payment Options

What does SekChek cost?

Tell me about your subscription service!

What payment options are available?

I would like to evaluate SekChek. Can I get a free trial?

How do I get started with SekChek?

How do I manage my account?

Does SekChek support charities?


Common Problems

Why can’t the Encrypt function see my Scan files?

I cannot decrypt my SekChek Report file: Incorrect pass-phrase / password

‘Internet Explorer restricted this webpage from running scripts...’ when opening a SekChek report

Error: ‘SekChek’s digital certificate is expired or damaged’ when you enable PKI features

Error: ‘Setup fatal error: Unable to generate installation log file’ when installing the SekChek software

Error: ‘The Page Cannot be Displayed’ when I open SekChek’s Help file (sekchek.chm)

Error: ‘NTVDM encountered a hard error.’ when executing the Windows Scan software



What is SekChek?

SekChek® is a family of automated computer security audit and benchmarking tools. SekChek measures security against leading international security practices and real-life averages by industry sector.

SekChek’s tools are available on a pay-per-use, license-free basis.

Please see the following pages for more information:

Who uses SekChek, where are your clients?

The names of specific clients are confidential. However, users of SekChek include major organizations in banking & insurance, airlines, mining, manufacturing, retailing, shipping, transportation, government, building & construction, import/export, food & beverages, farming, security consultants, IS professionals, internal auditors and general management. More information.

SekChek is used across all industry types in more than 140 countries. View country list.

How can SekChek help with our compliance efforts, such as SOX, HIPAA?

Many clients use SekChek on a regular basis as part of their statutory compliance and internal audit reviews. SekChek is well placed to help out in these areas because:

  • It provides an independent point-in-time snapshot of security controls
  • The graphical analyses provide a quick indication of whether security controls have strengthened or weakened since the previous time SekChek was run on a platform
  • SekChek’s consistent reporting from one analysis to the next avoids the risk of inconsistent interpretations between analyses over time
  • Similar reporting formats across platforms analysed (Windows, UNIX, AS400 and NetWare) ensure a consistent standard in the interpretation of security controls

What computer platforms does SekChek support?

SekChek’s audit tools support the most common Operating Systems and software, including:

Where can I obtain a sample SekChek report?

You can view or download sample reports for all SekChek products from our web site:

What impact will SekChek have on my system?

From the very outset the SekChek Scan software was designed to be non-intrusive, make ZERO changes to the host/target system, and leave no trace behind after the Scan process has completed.

With more than 100,000 SekChek scans behind us, we are not aware of any cases where SekChek has negatively impacted a host system.

Where do SekChek’s Industry Averages come from?

Perhaps the most important point is that SekChek’s Industry Averages are not merely based on some static, theoretical average for computer security. Industry Averages used in summary reports are dynamic, real-life averages that are automatically updated after every file we process, using anonymous summary data extracted from each scan file.

SekChek compares security controls on your system against a unique database containing more than 80,000 records and 30 million individual security metrics.

I heard SekChek can measure security against various standards. Tell me more!

SekChek typically benchmarks security against internationally recognised security standards because that’s what most people want. This includes benchmarks against industry-specific averages as well as leading security practices employed by the top 10-15% of organisations.

However, some clients prefer us to substitute their own (internal) security standards and to report against those. This helps them monitor how well their security policy is implemented and complied with and also alerts management to deviations from policy in specific departments or on certain computers.

A dynamic database of real-life security averages

We maintain a living database of real/actual industry averages for security. This is quite unique. We can currently compare security over different points in time, over several machines, and calculate security norms and averages by industry type and geographical location. This can produce some interesting results!

Contact us for further details.

Can SekChek compare security over time and system?

Yes, SekChek provides graphical comparisons of basic security settings and user accounts defined on a Server or Domain at two different points in time. This helps you to quickly determine:

  • Whether security has improved, worsened, or remained about the same since the previous review
  • The effectiveness of your measures to strengthen controls
  • Whether risk is increasing or decreasing

See comparisons spanning time and system for more information.

Can SekChek produce an audit trail of changes since the previous scan?

Yes, the SekChek Local tool can generate a list of changes (before and after images) made to security objects since the previous scan of the system or Active Directory domain.

The report can be used to confirm that only valid and authorised changes are being made to security accounts by comparing the list of modifications against the relevant change documents approved by management.

You can also use it to detect malicious or damaging changes that may have been made to your system’s security accounts or to confirm that large numbers of security changes made by an automated script were successfully applied.

Can we exchange encrypted email (S/MIME, SSL or TLS) with SekChek?

Yes, our Mail servers are configured to send and receive email using TLS (Transport Layer Security / SSL). If the TLS protocol is enabled on your Mail server, all email traffic between SekChek’s domain and your organisation’s domain will be automatically encrypted.

SekChek also supports S/MIME, which ensures full end-to-end encryption of email. You can download SekChek’s certificate from our web-site.

Other controls: SPF, anti-spoofing

To combat the risk of fraudsters and spammers sending forged / spoof emails that appear to originate from SekChek’s domain, we have defined special SPF (Sender Policy Framework) records on our public DNS servers.

We recommend you configure your mail servers to validate all email from sekchek.com against our published SPF records. Your mail server should reject emails that do not originate from any of SekChek’s nominated mail servers.
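
How a receiving server arrives at the reject decision recommended above, as an added example (not SekChek's code). The SPF record and all addresses are constructed placeholders from documentation ranges, not SekChek's published record, and only the `ip4`, `ip6` and `all` mechanisms are evaluated so that it runs without DNS.

```python
import ipaddress

# Constructed placeholder record (documentation address ranges), NOT SekChek's
# real SPF record. "-all" tells receivers to fail every other source.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 ip6:2001:db8::/48 -all"

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                       # a bare mechanism means pass
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")  # IPv6 colons stay in value
        parsed.append((qualifier, name.lower(), value))
    return parsed


def evaluate(record, sender_ip):
    """Return the SPF result for sender_ip; mechanisms are tried left to right."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIER_RESULT[qualifier]
        elif name == "all":
            return QUALIFIER_RESULT[qualifier]
        else:
            # a, mx, include, exists and modifiers need live DNS lookups.
            raise NotImplementedError(f"mechanism {name!r} needs DNS lookups")
    return "neutral"  # nothing matched and the record has no "all"


def should_reject(result):
    """Policy recommended in the text: refuse mail from non-nominated servers."""
    return result == "fail"


if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.25", "2001:db8:0:1::25", "203.0.113.9"):
        result = evaluate(SAMPLE_RECORD, ip)
        print(f"{ip:<20} {result:<9} reject={should_reject(result)}")
```

A record that ends in `~all` instead of `-all` yields `softfail` for unlisted senders, which this policy does not reject.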

How secure are the encrypted SekChek files and reports?

Very secure!

SekChek employs various industry-standard encryption algorithms and techniques to ensure the security of your data. These include Public Key encryption techniques based on the RSA algorithm, and symmetric encryption techniques using algorithms such as AES and 3DES.

What are your plans for SekChek?

Our guiding principles are ease-of-use and interpretation; non-intrusiveness on the host machine; low cost; and speed of delivery.

Some of the more specific areas we are focusing on include improved graphical summaries, trend analyses and security benchmarking by geographical location.

The direction the SekChek service takes is largely determined by your requirements and needs. Tell us what you want.

What is the difference between the Client software, Scan software and Processing Engine?

The Client software contains usage instructions, encryption/decryption software, sample reports and the ability to create additional copies of the Client and Scan software. It typically resides on your PC.

You use the Scan software to extract security data from an AS/400, UNIX, Windows NT/20XX, NetWare system or an Active Directory domain. It will only run on those systems.

The Processing Engine is used by the SekChek team to process your extracted security data, to calculate industry averages and comparisons, and to generate/encrypt your SekChek report.

How do I install SekChek?

SekChek Classic

The SekChek Classic software is installed on a regular PC. It is used to create copies of the Scan software, which are executed on selected remote target systems.

For detailed installation instructions see: Installing SekChek Classic.

SekChek Local

SekChek Local is installed on a network-attached workstation. It is used to scan target systems over the network.

For detailed installation instructions see: Installing SekChek Local.

How do I run a Scan?

See SekChek’s Help file or the following pages for instructions to run the Scan process.

What files does SekChek use and create?

SekChek Classic for OS/400

  • Executable file: SekASExt
  • Scan files (mandatory): PROFBAS.txt, SYSVALS.txt
  • Scan files (optional): ANZDFTPWD.txt, OBJAUT.txt, PGMADP.txt, SEKLOG.txt, SRVTBLE.txt

SekChek Classic for Active Directory

  • Executable file: SEKWIEXT.EXE
  • Scan file: SEK2KF.ZIP (encrypted)

SekChek Classic for Windows Servers

  • Executable file: SEKWIEXT.EXE
  • Scan file: SEKNTF.ZIP (encrypted)

SekChek Classic for UNIX

  • Executable script file: SEKUNEXT
  • Scan file: sekunf.z (compressed, not encrypted)

SekChek Classic for Novell / Netware

  • Executable file: SEKNEEXT.EXE
  • Scan file: SEKNEF.ZIP (encrypted)

SekChek Local

  • Executable file: SekChekLocal.exe
  • Scan file: XXXXXXXXX_SC.ZIP (encrypted)
  • Access Token: XXXXXXXXX_TF.SDE

Important  Extended filenames

For more information see: Encrypting a Scan file / File naming conventions

What are the differences between the Classic and Local tools?

SekChek Local allows you to scan and audit an entire Active Directory domain or multiple MS-Windows Servers at a time. The software runs on your workstation and scans target Hosts across the network. Because Scan data is processed locally on your PC, there is no requirement to send data off-site for processing.

SekChek Classic provides you with a comprehensive report in MS-Word and Access / Excel formats, including non-technical summary reports, an Overall Rating of security against real-life industry averages, implications and general recommendations.

SekChek Classic supports systems running AS/400, UNIX, MS-Windows, Novell / NetWare and Active Directory.

See Benefits, SekChek Local vs SekChek Classic for a detailed comparison of SekChek’s Classic and Local tools.

What are the licensing and usage restrictions on the software?

Quite simply, NONE! Although we retain the title and ownership of the SekChek software, you are free to use and to distribute the software in its current form to anyone you wish.

However, you are not allowed to attempt to modify, translate, reverse engineer, disassemble, or to create derivative works based on the software without the prior written consent of SekChek.

How do I know that your software has not been tampered with?

SekChek goes to great lengths to ensure its software is authentic and safe to use.

For example, after testing and quality assurance, our software is scanned for viruses before it is digitally signed with a special certificate reserved for software signing. The digital signature confirms that the software originated from SekChek and has not been modified since it was signed.

To check the digital signature

From Windows Explorer, right-click on an EXE file and select the Digital Signatures tab

Click on the Details button to confirm that the digital signature is OK

You can also validate the digital signature via the SekChek software: View | Certificates | Check Digital Signature on EXE

See also: Digital Certificates, Public Keys

Where can I find details of SekChek’s digital certificate?

Please see the following page for details of SekChek’s public key: Digital Certificates, Public Keys

Note that all software on this site has been signed with this certificate

Can I pre-authorise Token Requests?

Yes. Please forward the following information to SekChek:

  • Name of person submitting the Token Request;
  • E-mail address of person submitting the Token Request;
  • SekChek Local platform (SAM (workstation/server) or AD);
  • Number of scans in this Token Request (applicable to SAM only);
  • Charge/DIS/SA/WBS Code if applicable.

Please note that one pre-authorisation is valid for one scan, although up to 15 servers (or 1 Active Directory) can be scanned at a time.

Once we receive this information, we will configure the pre-approval to expire after one week. Should the consultant require a longer time-frame to execute the scan(s), this should be indicated within the request. Alternatively, a new request for pre-approval should be made with us.

Can SekChek analyse Registry keys and NTFS permissions?

Yes.

SekChek can report on values for System Registry keys and analyse DACLs (Discretionary Access Control Lists) and SACLs (System Access Control Lists) for files and directories.

You do this by defining the list of the Registry keys, and the names of the files and directories you want to analyse in file sekchek.inp. See SekChek for Windows Extract instructions for details in the SekChek Help File.

What are the minimum hardware and software requirements to run SekChek Local?

SekChek Local requires Windows 2000 Professional (or later) with IE 5.5 (or later). The recommended minimum amount of RAM to Scan a large Active Directory domain is 1.5 GB.

SekChek’s reporting features require MS-Office 2003 (with MS-Access) or later. If you use MS-Office 2000 please write to us and request a special version of the Report Database.

How long does SekChek take to run?

SekChek’s execution time is determined by several factors, such as the speed of the network, system activity and the number of user accounts or files on the machine. We have provided the following guidelines, which should be accurate in 80% of cases.

SekChek for OS/400 will run for 10-15 minutes on systems with up to 200 accounts. On large systems with more than 500 accounts it could run for 30-40 minutes.

SekChek for Windows typically runs for 5-10 minutes on systems with up to 1,000 accounts. On medium-sized Active Directory domains (2,000 to 5,000 accounts) it could run for 30 minutes or more. On very large domains the Scan process could take several hours, depending on which run-time options you selected. The execution time will also increase on domains with many containers/organization units and group memberships.

Note that the option to Query all Domain Controllers for users’ last logon information will significantly increase the execution time if the domain has a large number of geographically dispersed Domain Controllers.

SekChek for UNIX typically runs for 5-20 minutes. However, if the host has a very large file system and you decide to analyse file permissions or to scan files on NFS-mounted volumes, it could run for several hours. Note that steps with the potential to execute for a long time have all been made optional.

SekChek for NetWare typically runs for 10-20 minutes on systems with up to 2,000 accounts. On very large systems (more than 10,000 accounts), you should allow 2-4 hours.

Does SekChek accurately report on users’ last logon times?

Active Directory Domains

User logons can be authenticated by any domain controller (DC) in the domain and Active Directory does not replicate last logon times across its DCs. For this reason, the accuracy of last logon times depends on whether you select the option Query All DCs for Last Logon Times when the Scan process is run.

If the run-time option Query all DCs for Users Last Logon Times is selected

Last logon times will be the very latest times. This is because SekChek queries all visible DCs for each user’s last logon time and reports the latest recorded value.

If the run-time option Query all DCs for Users Last Logon Times is not selected

In general, last logon times will be accurate to within 14 days. This is because SekChek queries a replicated property that Active Directory updates every 14 days.

Note that this only applies if the functional level for the domain is Server 2003 or later, because the replicated property is only active from this level.


Windows Server, AS/400, UNIX and Netware Systems

Last logon times will always reflect the very latest times.
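
The two Active Directory cases above, worked through as an added example (not SekChek's code). It assumes the per-DC value is Active Directory's `lastLogon` attribute and the replicated one is `lastLogonTimestamp`, which the page does not name; the DC names, times and the 7-day idle limit are constructed.

```python
from datetime import datetime, timedelta, timezone

# AD stores logon times as Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def to_filetime(dt):
    """Convert an aware datetime to FILETIME ticks (used to build sample data)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def from_filetime(ticks):
    """Convert FILETIME ticks to a UTC datetime; 0 or None means 'never'."""
    if not ticks:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def latest_logon(per_dc):
    """Pick the newest non-replicated lastLogon over every DC that was queried."""
    seen = {dc: ticks for dc, ticks in per_dc.items() if ticks}
    if not seen:
        return None, None          # the account never logged on anywhere
    dc = max(seen, key=seen.get)
    return dc, from_filetime(seen[dc])


def reconcile(per_dc, replicated_ticks, now, idle_limit_days):
    """Compare the 'query all DCs' answer with the replicated property."""
    dc, latest = latest_logon(per_dc)
    replicated = from_filetime(replicated_ticks)
    limit = timedelta(days=idle_limit_days)

    def idle(when):
        return when is None or now - when > limit

    lag = (latest - replicated).days if latest and replicated else None
    return {
        "source_dc": dc,
        "latest": latest,
        "replicated": replicated,
        "lag_days": lag,                      # how stale the replicated value is
        "idle_by_all_dcs": idle(latest),
        "idle_by_replicated": idle(replicated),
    }


# Constructed sample: one user as seen by three DCs at scan time.
UTC = timezone.utc
NOW = datetime(2024, 3, 15, 12, 0, tzinfo=UTC)
PER_DC = {
    "DC-LON": to_filetime(datetime(2024, 1, 2, 8, 0, tzinfo=UTC)),
    "DC-NYC": to_filetime(datetime(2024, 3, 14, 9, 30, tzinfo=UTC)),
    "DC-SYD": 0,                              # never authenticated at this DC
}
REPLICATED = to_filetime(datetime(2024, 3, 3, 10, 0, tzinfo=UTC))

if __name__ == "__main__":
    for key, value in reconcile(PER_DC, REPLICATED, NOW, 7).items():
        print(f"{key:<20} {value}")
```

With an idle limit shorter than 14 days, the replicated value alone flags this account as inactive although it logged on the day before the scan.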

What is the largest system analysed by SekChek?

The largest domain analysed by SekChek contained more than 1 million user accounts. The security reports were produced within a few hours of completion of the Scan.

You may be interested to know that to end 2016, SekChek has analysed 110 million user accounts and 42 million security groups on systems belonging to many of the world’s largest and best known organisations.

Our clients have also used our tools to analyse more than:

  • 58 million network attached Servers and workstations
  • 10 million Windows services
  • 200,000 locally attached disk drives
  • 610 million DACLs
  • 2.6 million hot-fixes
  • 1.4 billion file permissions

The only limitations on the size of system that SekChek can analyse are the size of the output files and the time required for the scan.

Does SekChek publish technical research / white paper documents?

Yes, SekChek publishes research information and in-depth answers to the most common security-related questions asked by our clients in the form of white papers. Examples include questions regarding new, or poorly understood security controls.

These technical white paper documents are freely available from our web-site.

Does SekChek provide other security tools and utilities?

Yes, SekChek offers several free security audit tools and utilities, such as:

  • PC Auditor™, a system profiling tool that performs a basic audit / analysis of your system’s security and configuration settings and displays the results in your Internet browser.

    The scope of the analysis includes the current user and computer, local policies, Windows Security Centre status, disks, network settings, local security accounts, and your system’s Regional and Language Options. View sample report...

  • Windows Firewall Analyser, summarises configuration settings and lists the active Firewall profile and Firewall rules.

  • SekCrypt™, an industry strength file encryption / decryption utility. SekCrypt is fast and uses robust, state-of-the-art encryption algorithms, such as AES and RSA.

  • A tool that queries hidden Active Directory properties on security accounts.

    Examples are the date/time that an account was last used to logon to a system and an account’s unique SID (Security Identifier) or GUID (Globally Unique Identifier). The tool will query all domain controllers (DCs) to obtain accurate values for properties that are not replicated across DCs by the Windows OS.

  • List Installed Products, summarises products installed on your system by MSI.

  • List Missing Updates, details Windows updates and hot fixes that are not installed on your system.

  • Search Event Log, queries the Application and System Event Logs for Error and Warning Events.

  • A tool that queries access permissions defined on files and folders on local and remote systems. The tool lists an object’s attributes and Discretionary Access Control List (DACL), including all Access Control Entries (ACEs).

  • A utility that resolves SIDs to their friendly names. E.g. S-1-5-21-2555888094-1722010140-3448673252-500 to MyDomain\Administrator and S-1-5-32-544 to Builtin\Administrators group.

  • A tool that finds orphaned SIDs defined on files and directories in NTFS. Orphaned SIDs typically belong to security accounts that no longer exist on your system.

  • A file hashing function that is useful for confirming whether the contents of a file have been changed.

  • A tool that lists open files, shows open shared files, the file accessors and the file open mode.

  • A Ping utility for testing connectivity to other systems and domains on your network.

These utilities are embedded in the SekChek Classic and Local software.

Do you have a Non-Disclosure Agreement (NDA)?

Yes, we have a mutual confidentiality agreement, which we implement with many of our clients.

If you would like to put an NDA in place between SekChek and your organisation, the quickest way to do this is to:

We will sign and return the NDA to you within 24 hours.

How do I get technical support for your products?

You may find the answer to your question on one of the technical support pages.

Failing that, request assistance from an experienced security analyst at our technical support Helpdesk.

What other organisations provide information about SekChek?

Depending on the type of information you are looking for, you may find it on well known information services and research sites.

Some of the more reputable and respected sites are:

If you are looking for old press releases and news articles, you can try: PR Newswire, IT Security, DABCC, Network World, sys-con.tv, Red Orbit and Free Press Release.

How green is SekChek?

Very.

When SekChek was conceived we were determined to build a business that was caring and sustainable.

These are some of the ways we have managed to minimise the impact of SekChek, and its clients, on our fragile environment:

  • Paper savings. From the outset, we designed the business to be (almost) paper-less. For example, we only produced SekChek reports, Scan files and business records in electronic format. For formal documents and contracts we used digital signatures, rather than pen-based signatures written on paper.

    However, it took several years - until 2012 - before we were able to eliminate all paper-based administrative documents, particularly those exchanged with SekChek’s suppliers and clients.

    We now feel very proud to say that SekChek is a totally paper-less business.

    To reinforce this, we have disposed of all paper-generating printers from our systems and domain!

  • Fuel savings. Prior to SekChek's formation it was common practice for auditors and consultants to fly, or drive to their clients' premises to perform security reviews.

    With SekChek this is not necessary because security reviews are carried out via email and over the Internet.

  • Electricity savings. SekChek’s policy is to purchase computers and devices that employ the latest power-saving technologies and design features. This ensures electricity-powered equipment is automatically powered down, or switched to standby mode, when not in use.

    We have also made maximum use of system virtualisation, which has dramatically reduced the number of boxes required to run SekChek’s business systems. All servers and workstations are virtualised.

We are pleased to see that our shared concern has become more prominent and important to many businesses and government departments in recent years!

What does SekChek cost?

The cost of using SekChek depends on the tool type (Classic or Local), the audit scope (an entire domain or a member Server) and the number of SekChek units purchased.

For example, the cost of analysing a member Server with the SekChek Local tool starts at around US$70, while the cost of analysing an entire domain starts at around $240.

Please write to us for details of pricing and SekChek’s discounting policy.

Tell me about your subscription service!

The most convenient and cost effective way to use SekChek is through a subscription. The pricing structure is very simple and the more SekChek units you subscribe to, the less each audit costs. Contact us for more details.

Prices are consistent across the entire SekChek range (AS/400, NetWare, Windows and UNIX), so you only need purchase one subscription. You are free to choose and mix different SekChek services and tools (e.g. SekChek Classic and Local) in the same subscription.

Once your subscription is confirmed you just send us your security files for processing any time you are ready. From time to time we will send you a statement indicating your usage of SekChek and we will issue a reminder just before your subscription is consumed. Subscriptions have no time limits attached to them.

What payment options are available?

Direct (Bank-to-Bank) transfer
This is the preferred option. In general, it is the quickest and safest payment method.

Credit Card payments
We can also accept payment via a secure Credit Card payment system managed by Kagi.

Contact us for more information on these payment methods.

I would like to evaluate SekChek. Can I get a free trial?

Most certainly!

Simply write to us indicating which product you would like to trial. One of our security analysts will provide you with the necessary software and all the advice you need to get started.

See also Getting Started with SekChek.

How do I get started with SekChek?

Please refer to Getting Started with SekChek.

How do I manage my account?

After your SekChek account has been set up and you start using the SekChek service, you may be wondering how you can control and track usage of your account and ensure the process runs smoothly.

To help you make the best decisions we have compiled a list of tips and ideas, which indicate some of the management options available to you.

Please see the following page for details: Managing your account.

Does SekChek support charities?

Yes, other than direct donations to specific charities, we offer significant discounts on our published prices to registered charities and other worthy causes. Please contact us for details.

Why can’t the Encrypt function see my Scan files?

The most likely reason is that your Scan file is incorrectly named. For example:

  • SekChek for AS/400: The files must have ‘.txt’ extensions, such as PROFBAS.TXT, SYSVALS.TXT.
  • SekChek for UNIX: The file must be named sekunf.z or sekunf.tar. In certain cases you may have a collection of ‘.txt’ files, such as hostname.txt etc.
  • SekChek for Windows: The file must be named SEK2KF.ZIP (an Active Directory Scan file) or SEKNTF.ZIP (Windows Server).
  • SekChek for Netware: The file must be named SEKNEF.ZIP.

Important  Extended filenames

SekChek will also recognise extended filenames, such as ‘SEK2KF MyHost.zip’, as long as the filename begins with ‘SEK2KF’. For more information see Encrypting a Scan file / File naming conventions

I cannot decrypt my SekChek Report file: Incorrect pass-phrase / password

The most common causes of file decryption problems are:

  • The Report package originated from another person’s user account. SekChek passwords are unique to each user profile.
  • Your default encryption password was changed by the person running the Scan process
  • You copy/pasted the decryption password from an advisory email and inadvertently included the trailing space character
  • The file you are trying to decrypt may be a Scan file (SEKxxF.ZIP) and not a SekChek Report package (SEKxxR.SCK). Scan files are encrypted using special encryption techniques, so they can only be decrypted at our premises.

If you have forgotten the password for your Report package, you can use our automated Service Request system to obtain decryption passwords for the last 10 SekChek reports that were sent to your email address.

You can also access the Service Request system via the SekChek Classic software (Utilities tab) and SekChek Local (Actions menu).

Please ensure you do not change the email subject text (SRequest=FileCodes).

‘Internet Explorer restricted this webpage from running scripts...’ when opening a SekChek report

Message: ‘Internet Explorer restricted this webpage from running scripts or ActiveX controls’ when opening a SekChek report that was created on your PC.

This is due to a security setting in Internet Explorer, which prevents scripts from running on your PC. The scripts format the web page and display Help information in a pop-up window.

To allow the scripts to run for this page only, click ‘Allow blocked content’.

To allow scripts to run on all pages, enable IE option ‘Allow active content to run in files on My Computer*’.

You can find this option via: Internet Options | Advanced | Security | Allow active content to run in files on My Computer*

‘SekChek’s digital certificate is expired or damaged...’ when you enable PKI features

It is possible that the certificate has expired.

However, the most likely reason is that your system’s policies prevent third-party Root CAs from being trusted. This is particularly common on systems that are running MS-Vista.

Try to install SekChek’s Root certificate manually, via the Certificate Import Wizard (double-click on file SekRoot.cer, which is located in SekChek’s installation directory).

If your system prevents third-party Root CAs from being trusted, Windows-XP may display one of the following messages:

  • "An error occurred during the addition of a certificate to the Trusted Root Certification Authorities store."
  • "The import failed because the store was read-only, the store was full, or the store did not open correctly."

With MS-Vista your system may not display any error message, but the certificate may be installed in your system’s Intermediate CA store, instead of the Trusted Root CA store. This may occur even though you explicitly requested the certificate to be installed in the Trusted Root CA store.

The solution is to amend policy to ensure your system trusts SekChek’s Root CA (only) or all third-party Root CAs.

‘Setup fatal error: Unable to generate installation log file...’ when installing SekChek software

This error typically occurs if the account being used to install the SekChek Client software does not have Write permissions on Folder C:\Windows\. The Setup routine uses this Folder to store its bootstrap / temporary installation files.

You can check this by viewing the security permissions on your system’s C:\Windows\ directory (right-click on the Folder | Properties | Security Tab).

The solution is to install the SekChek software with an account that has sufficient permissions for the Folder.

‘The Page Cannot be Displayed’ when I open SekChek’s Help file

A variation on this message is Navigation to the webpage was cancelled.

These messages are caused by a Microsoft security update and security settings on your PC that prevent executable files (EXE, CHM files etc.) that do not reside on a local path on your PC from being executed. This occurs, for example, when you open SekChek.chm directly from SekChek’s web site or from a shared network path.

The solution is to download the Help file (SekChek.chm or SekLocal.chm) to a local drive on your PC and open the file from there.

If the above message is still displayed after moving the file to a local directory on your PC, make sure the file is not blocked (right-click the file | View properties | Click Unblock file).

‘NTVDM encountered a hard error’ when executing the Scan software

When you attempt to execute the SekChek for Windows Scan software (SEKWIEXT.EXE) a warning message box is displayed:

  • With the title ‘ntvdm.exe - System Error’ and text ‘NTVDM encountered a hard error.’, reply Close or Ignore; OR
  • ‘The version of this file is not compatible with the version of Windows you’re running....’; OR
  • ‘Program too big to fit in memory’

The errors occur because file SEKWIEXT.EXE is corrupt. This is typically due to tampering by anti-virus software, especially when the EXE is transmitted by email.

The solution is to obtain a fresh copy of SEKWIEXT.EXE or to recreate the file via the SekChek Client software. The size of file SEKWIEXT.EXE is about 1.4 MB.

You can also download a copy from here: Download SekChek for Windows Scan software (SEKWIEXT.EXE)
