Registry

Registry objects are defined by their absolute path in the registry. By setting up Registry objects and determining the access rights of specific processes to them, you can further increase the security of your computer. Monitoring registry access by certain processes can provide information important for follow-up analysis.

To add a Registry object, click the "Add new" icon and enter the appropriate details. Refer to the Sandbox Objects chapter for more information about general and common values.

To enter the registry path, use the following name syntax:

CONFIG = HKEY_CURRENT_CONFIG

CURRENT_USER = HKEY_CURRENT_USER

CLASSES_ROOT = HKEY_CLASSES_ROOT

MACHINE = HKEY_LOCAL_MACHINE

USERS = HKEY_USERS

Use the following examples when defining registry objects:

Example 1 - Trust Providers\Software Publishing key for the currently logged-in user

CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Example 2 - definition of the application path of Internet Explorer

MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
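
The root-name syntax above, applied in an added example (not part of the product or its documentation): a hypothetical Python helper, to_sandbox_path, that rewrites key paths copied from regedit, a .reg export, reg.exe or PowerShell into this syntax and rejects paths that are not absolute. The abbreviations (HKLM, HKCU and so on) are the standard Windows ones and are an assumption beyond this page.

```python
# Added example: convert registry paths as copied from regedit, .reg exports,
# reg.exe or PowerShell into the root-name syntax listed on this page.
# to_sandbox_path() is a hypothetical helper, not part of the product.

# Root names from the list above (Windows hive name -> sandbox root name).
SANDBOX_ROOTS = {
    "HKEY_CURRENT_CONFIG": "CONFIG",
    "HKEY_CURRENT_USER": "CURRENT_USER",
    "HKEY_CLASSES_ROOT": "CLASSES_ROOT",
    "HKEY_LOCAL_MACHINE": "MACHINE",
    "HKEY_USERS": "USERS",
}
# Standard Windows abbreviations for the same hives (assumption: not on the page).
ABBREVIATIONS = {
    "HKCC": "HKEY_CURRENT_CONFIG",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKU": "HKEY_USERS",
}


def to_sandbox_path(raw: str) -> str:
    """Rewrite `raw` with the sandbox root name; raise ValueError if it is
    not an absolute path under one of the five hives listed on the page."""
    path = raw.strip()
    # .reg exports wrap each key path in square brackets.
    if path.startswith("[") and path.endswith("]"):
        path = path[1:-1]
    # Split on backslashes only: "/" is a legal character inside key names.
    # Empty components (leading, doubled or trailing separators) are dropped.
    parts = [p for p in path.split("\\") if p]
    # The regedit address bar prefixes paths with "Computer".
    if parts and parts[0].lower() == "computer":
        parts = parts[1:]
    if not parts:
        raise ValueError("empty registry path")
    # PowerShell drives look like "HKLM:"; hive names are case-insensitive.
    root = parts[0].rstrip(":").upper()
    root = ABBREVIATIONS.get(root, root)
    if root in SANDBOX_ROOTS:
        sandbox_root = SANDBOX_ROOTS[root]
    elif root in SANDBOX_ROOTS.values():
        sandbox_root = root  # already written in the sandbox syntax
    else:
        raise ValueError(f"not an absolute path under a known hive: {raw!r}")
    # Subkey components keep their original spelling and case.
    return "\\".join([sandbox_root] + parts[1:])
```

A path without a hive, such as Software\Microsoft, raises ValueError instead of being guessed at, since a Registry object is defined by its absolute path.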

See Also

Sandbox Objects

Files and Folders

Services

Devices

OLE/COM

VBA macros

Process Spawning

Miscellaneous