The global exclusions for 6.x only include file types and folder paths. In 7.5 registry exclusions was added as a new feature. This document will discuss the registry exclusions for 7.5 and above versions.
To be able to add global exclusions for registry so that the fslx driver will ignore specified registry trees and or keys.
MACHINE = HKEY Local Machine
USERS = HKEY USERS
HKey Classes Root is a mapping to HKLU\Software\Classes (https://msdn.microsoft.com/en-us/library/windows/desktop/ms724475(v=vs.85).aspx ). To be able to do an exclusion for HKCR you have to map to \REGISTRY\MACHINE\Software\Classes\<path to tree>
HKey Current Users is a mapping to HKU\<SSID>. To be able to do an exclusion for HKCU you will have to map to \REGISTRY\USERS\<sid of user>\<path to tree>
\REGISTRY\<one of the above variable names from definitions>\SOFTWARE\<path to tree>
NOTE: the Global exclude is case sensitive any mistypes will be ignored by the fslx.sys driver.
The RegistyExludePaths does not exist by default and you can create it manually or use the svsadmin.exe to create the first by going to File>Global Excludes> right click anywhere in the windows>
New Exclude Entry> Select Registry> Use the information from the Syntax section.
Once you add the key you can verify it by reloading the global entry window in the svsadmin tool.
NOTE: Symantec suggests using the svsadmin tool to add global excludes. After the hex data “0x003” there is a tab and not multiple spaces. If you want multiple excludes do a new line for each exclude. Once you export the registry key you will see the multi-string converted to hex.
Same key above in regedit: