Detection Rules OK for string, version, not for DWORD registry value ???
I try to include a detection rule, as I do often, no problem, but this time, I check a DWORD, not a string... And never detected, all the same registry there !!
Yes, I do set the type of the command line as "install", not a "custom" (as no detection check for custom :)
I make a few tries, FOR:
- Registry Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
- Registry entry: minRSAPubKeyBitLength
I put "registry Key Value" to match:
- Substring: c8
- entire string: 000000c8, x000000c8, dword:000000c8
No way, no detection, How did you do ? Id you do !