IT Management Suite

Expand all | Collapse all

Detection rule off HKEY_CURRENT_ User

Jump to Best Answer
  • 1.  Detection rule off HKEY_CURRENT_ User

    Posted 05-16-2019 02:33 PM

    I have a detection rule "Registry Key Value" this is looking for:

    Registry Key Path: HKEY_CURRENT_USER\Software\Meditech\Wrkstn\MEDITECH_A

    Registry entry: I

    Registry Value: MEDITECH_A.chchealth.net

     

    I also have the policy set to run as the current logged on user

    One user does have the this reg entry but when logged in as users who don't have the detection rule still comes back with a success and the policy does not run, any idea why? It seems like its still searching the entire hive instead of just the current user



  • 2.  RE: Detection rule off HKEY_CURRENT_ User

    Posted 07-30-2019 07:26 PM

    Hey Cody, 

    Did you ever get a solution for your question? I have a similiar issue as well.

    Regards

    William.

     



  • 3.  RE: Detection rule off HKEY_CURRENT_ User
    Best Answer

    Posted 08-05-2019 02:55 PM

    Yes I did, it was my own fault, I forgot to check the box for subkey on my detection check rule