App Control: Registry Rule is Not Working as Expected

Article ID: 288837


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

A Registry Rule is not working as expected after it is created.

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

There are differences between Registry Rules and Custom Rules that must be taken into consideration.

Resolution

  • If a path ends with a "\", it matches only the key at that path. If a path ends in "\*", the rule applies to all keys, sub-keys, and values underneath that path.
  • If a path ends without a trailing slash or wildcard, it applies only to a value (not a key) matching the path.
    For example: HKLM\SOFTWARE\FileReader\9.0\ViewOutput would match a value named "ViewOutput" but not a key named "ViewOutput".
  • Macros are not supported in the Registry Path.
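
The path forms above, written as a small Python check for reviewing a rule path before it is saved. This is an added illustration, not Carbon Black code or the agent's matching engine; `classify` and `matches` are hypothetical names, and it assumes case-insensitive comparison, that "underneath" excludes the base key itself, and that macros are written in angle brackets such as <Windows>.

```python
import re

# Assumption: macros are written in angle brackets, e.g. <Windows>.
MACRO = re.compile(r"<[^<>]+>")


def classify(rule_path):
    """Return (scope, base) for a Registry Rule path.

    scope is 'subtree' (path ends in \\*), 'key' (path ends in \\),
    or 'value' (no trailing backslash or wildcard).
    """
    if MACRO.search(rule_path):
        raise ValueError("macros are not supported in the Registry Path")
    if rule_path.endswith("\\*"):
        return "subtree", rule_path[:-2]
    if rule_path.endswith("\\"):
        return "key", rule_path[:-1]
    return "value", rule_path


def matches(rule_path, target, kind):
    """Would the rule apply to target?

    kind is 'key' or 'value'. For a value, target is the key path plus
    a backslash plus the value name.
    """
    scope, base = classify(rule_path)
    base = base.lower()                      # assumption: case-insensitive
    target = target.rstrip("\\").lower()
    if scope == "subtree":
        # Everything underneath the base path, keys and values alike.
        return target.startswith(base + "\\")
    # 'key' rules match only the key itself; 'value' rules only a value.
    return kind == scope and target == base


if __name__ == "__main__":
    # Constructed sample based on the path used in the article.
    rule = "HKLM\\SOFTWARE\\FileReader\\9.0\\ViewOutput"
    for kind in ("value", "key"):
        print(kind, "named ViewOutput matched:", matches(rule, rule, kind))
```
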