CIS Benchmark for Windows 10 Not working after upgrading agents to v4.14.1
99 views
Skip to first unread message
Subhabrata
Nov 18, 2025, 2:11:31 AM (5 days ago) Nov 18
to Wazuh | Mailing List
After upgrading to v4.14.1 Wazuh CIS Benchmark not showing for Windows 10 agents. Windows 11 is fine.
Any ways to fix it ?
alberto...@wazuh.com
Nov 18, 2025, 8:48:22 AM (5 days ago) Nov 18
to Wazuh | Mailing List
Hi,
To better understand why the Windows 10 checks might not be working after the upgrade, could you please share the following information:
Looking forward to your response.
Below is the current list of CIS Benchmarks supported by Wazuh as of version 4.14.1: Available SCA policies
To better understand why the Windows 10 checks might not be working after the upgrade, could you please share the following information:
- The exact version of the Wazuh Agent installed on the affected Windows 10 system.
- Any relevant entries or errors from the ossec.log file related to the CIS module
- Whether the Windows 10 system meets the expected baseline version for the CIS Benchmark.
- If you are seeing the module start but no checks being executed, or if it fails to initialize entirely.
Looking forward to your response.
Subhabrata
Nov 18, 2025, 8:34:57 PM (4 days ago) Nov 18
to Wazuh | Mailing List
Wazuh Agent v4.14.1
Nov 17, 2025 @ 14:55:24.000 sca INFO Loaded policy '/var/ossec/ruleset/sca/cis_win10_enterprise.yml'
Nov 17, 2025 @ 14:56:40.000 wazuh-modulesd WARNING Failed to load YAML document in /var/ossec/ruleset/sca/cis_win10_enterprise.yml:201
Nov 17, 2025 @ 14:56:40.000 sca WARNING Error found while parsing file: '/var/ossec/ruleset/sca/cis_win10_enterprise.yml'. Skipping it.
Subhabrata
Nov 18, 2025, 8:34:58 PM (4 days ago) Nov 18
to Wazuh | Mailing List
Wazuh v4.14.1
Nov 17, 2025 @ 14:55:24.000 sca INFO Loaded policy '/var/ossec/ruleset/sca/cis_win10_enterprise.yml'
Nov 17, 2025 @ 14:56:40.000 wazuh-modulesd WARNING Failed to load YAML document in /var/ossec/ruleset/sca/cis_win10_enterprise.yml:201
Nov 17, 2025 @ 14:56:40.000 sca WARNING Error found while parsing file: '/var/ossec/ruleset/sca/cis_win10_enterprise.yml'. Skipping it.
On Tuesday, November 18, 2025 at 7:18:22 PM UTC+5:30 alberto...@wazuh.com wrote:
alberto...@wazuh.com
Nov 19, 2025, 10:57:37 AM (3 days ago) Nov 19
to Wazuh | Mailing List
Thanks for sharing this.
Please review your current CIS policy file for Windows 10 Enterprise and compare it with the one attached to check for any differences in structure or custom entries. Once you’ve validated that, try running the scan again and let us know the results.
Regards,
Pedro De Castro
Nov 20, 2025, 4:09:18 AM (3 days ago) Nov 20
to Wazuh | Mailing List
hey Subhabra,
I have been testing the SCA policy you mentioned, and you are right, it's broken, or at least I can see the same error that you posted at the beginning, and I did all my testing with an out-of-the-box Wazuh v4.14.1 Windows 10 policy (https://github.com/wazuh/wazuh/blob/v4.14.1/ruleset/sca/windows/cis_win10_enterprise.yml).
2025/11/20 08:22:10 wazuh-modulesd: WARNING: Failed to load YAML document in /var/ossec/ruleset/sca/cis_win10_enterprise.yml:201
2025/11/20 08:22:10 sca: WARNING: Error found while parsing file: '/var/ossec/ruleset/sca/cis_win10_enterprise.yml'. Skipping it.
I did two tests, one in a Ubuntu 24 agent host, and another in a Windows 10 Pro. I had the same error in both.
My agent version is:
{
"version": "4.14.1",
"stage": "rc2",
"commit": "d77f67c"
}
I have been testing the SCA policy you mentioned, and you are right, it's broken, or at least I can see the same error that you posted at the beginning, and I did all my testing with an out-of-the-box Wazuh v4.14.1 Windows 10 policy (https://github.com/wazuh/wazuh/blob/v4.14.1/ruleset/sca/windows/cis_win10_enterprise.yml).
2025/11/20 08:22:10 wazuh-modulesd: WARNING: Failed to load YAML document in /var/ossec/ruleset/sca/cis_win10_enterprise.yml:201
2025/11/20 08:22:10 sca: WARNING: Error found while parsing file: '/var/ossec/ruleset/sca/cis_win10_enterprise.yml'. Skipping it.
I did two tests, one in a Ubuntu 24 agent host, and another in a Windows 10 Pro. I had the same error in both.
My agent version is:
{
"version": "4.14.1",
"stage": "rc2",
"commit": "d77f67c"
}
Screenshot from terminal in Windows:
I already told the team about this bug, they are addressing it as a high-priority issue since it could be impacting a lot of installations.
Thanks so much for detecting and reporting Subhabra, and sorry for the trouble.
In the meantime I tried to roll back to the policy version in Wazuh 4.12.0, and it's working fine for me. You can find it here: https://raw.githubusercontent.com/wazuh/wazuh/refs/tags/v4.12.0/ruleset/sca/windows/cis_win10_enterprise.yml
I will keep you posted.
Regards,
Thanks so much for detecting and reporting Subhabra, and sorry for the trouble.
In the meantime I tried to roll back to the policy version in Wazuh 4.12.0, and it's working fine for me. You can find it here: https://raw.githubusercontent.com/wazuh/wazuh/refs/tags/v4.12.0/ruleset/sca/windows/cis_win10_enterprise.yml
I will keep you posted.
Regards,
Pedro.
Reply all
Reply to author
Forward
0 new messages