Our detection rules on a software product do not detect a registry "Binary
Value".
1. Create or select a Binary Value registry key under any hive.
2. On any software product/package create a detection rule as a "Standard Rule".
3. Select either "Registry Key Value" or "Registry Key Version"; we have tried
both, and neither one detects the binary value.
4. In the detection rule, input the exact path, entry and value of the registry
entry.
5. Save the rule.
6. Create a Managed Software Delivery policy for the software product/package.
7. Ensure the "Perform software compliance check using:" option is selected and
it is using the detection rule configured above.
8. Run the MSD policy on one or more clients.
9. The rule will return a status of "Not detected".
There are no errors or warnings in the logs. There is an informational entry
stating that the detection rule did not find the target.
We have tried converting the binary value from hex to decimal and using the
decimal value in the detection rule; it made no difference.
I have tested by creating a binary registry key under both HKCU and HKLM. They
were simple binary values of "10". The detection rules, either "Registry Key
Value" or "Registry Key Version", do not detect either key. Even converting the
hex "10" to decimal "2" does not work.
None
Design limitation.
An Enhancement Request has been submitted to our Developers to add the ability to detect a "Binary Value" registry entry in our Detection Rules.
Applies To
Seen on 7.1 SP2 MP1, 7.5 and 7.5 SP1.
Probably exists on all versions.