How do I create a registry detection check for a DWORD value? DWORD values are not working for detection or applicability rules.
DWORD values are not natively supported, however there is a way to configure a registry rule to work with DWORD values.
By adding dword: to the front of your value, you can use DWORD values in your detection check. See this screenshot for examples of how this should be configured:
Note that you should use Substring as the Match criteria.