Enterprise EDR: Do Regmod Events Show the Actual Registry Modifications?
Article ID: 289242
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Is it possible to see the registry changes in the regmod events?
Environment
- Enterprise EDR: All Supported Versions
- Windows OS: All Supported Versions
Resolution
Regmod events show the registry key that was changed they do not show what the actual change was
Additional Information
The Live Response API can be used to query registry values here
Feedback
Yes
No
Powered by
