Message Image

Skip main navigation (Press Enter).

IT Management Suite

View Only

Back to discussions

Expand all | Collapse all

Detection rule off HKEY_CURRENT_ User

Jump to Best Answer

Cody DirrigleMay 16, 2019 02:33 PM

I have a detection rule "Registry Key Value" this is looking for: Registry Key Path: HKEY_CURRENT_USER\Software\Meditech\Wrkstn\MEDITECH_A ...

WDRAIN1Jul 30, 2019 07:26 PM

Hey Cody, Did you ever get a solution for your question? I have a similiar issue as well. Regards ...

Cody DirrigleAug 05, 2019 02:55 PMBest Answer

Yes I did, it was my own fault, I forgot to check the box for subkey on my detection check rule

1. Detection rule off HKEY_CURRENT_ User

0 Recommend
Cody Dirrigle
Posted May 16, 2019 02:33 PM

Reply Reply Privately
I have a detection rule "Registry Key Value" this is looking for:

Registry Key Path: HKEY_CURRENT_USER\Software\Meditech\Wrkstn\MEDITECH_A

Registry entry: I

Registry Value: MEDITECH_A.chchealth.net

I also have the policy set to run as the current logged on user

One user does have the this reg entry but when logged in as users who don't have the detection rule still comes back with a success and the policy does not run, any idea why? It seems like its still searching the entire hive instead of just the current user
2. RE: Detection rule off HKEY_CURRENT_ User

0 Recommend
WDRAIN1
Posted Jul 30, 2019 07:26 PM

Reply Reply Privately
Hey Cody,

Did you ever get a solution for your question? I have a similiar issue as well.

Regards

William.
3. RE: Detection rule off HKEY_CURRENT_ User
Best Answer

0 Recommend
Cody Dirrigle
Posted Aug 05, 2019 02:55 PM

Reply Reply Privately
Yes I did, it was my own fault, I forgot to check the box for subkey on my detection check rule

Copyright 2019. All rights reserved.

Powered by Higher Logic