How do I create a registry detection check for a DWORD value?

book

Article ID: 169943

calendar_today

Updated On:

Products

Software Management Solution

Issue/Introduction

How do I create a registry detection check for a DWORD value? DWORD values are not working for detection or applicability rules.

Cause

DWORD values are not natively supported, however there is a way to configure a registry rule to work with DWORD values.

Resolution

By adding dword: to the front of your value, you can use DWORD values in your detection check. See this screenshot for examples of how this should be configured:

Registry example:

Rule Configuration:

Note that you should use Substring as the Match criteria.

Attachments