The Registry Path specifies the locations in the Windows Registry to which a rule applies.

The Source Process field for adding a registry path

All registry paths must begin with one of the following strings:

  • HKLM\

  • HKCU\

  • HKLM-SoftwareX86\

  • HKLM-SoftwareX64\

 

  • HKCU-SoftwareX86\

  • HKCU-SoftwareX64\

  • *\

Note:
  • You cannot use macros in the Registry Path.
  • If you enter a path that uses a key that is actually a link to other keys, the rule will not work. For example, a rule that uses a path containing CurrentControlSet will fail to work. You might consider using wildcards in place of the linked item (for example, ControlSet* in the previous case).

Using Wildcards

You can use wildcards (“*” for zero or more characters, “?” for one character) in the Registry Path. You can use wildcards to specify partial paths or multiple paths in the registry. The number of wildcards in a path is not restricted.

You can use wildcards to skip a level and make a rule apply to values (or sub-keys) of a sub-key, even if you don’t know their names. For example: *\myapp\*\* applies the rule only to keys or values below a sub-key of myapp, such as HKLM\myapp\apprunner\4.0 but it does not apply to sub-keys or values in myapp itself, such as HKLM\myapp\sharedfiles

Important: When you use wildcards, do not to create a rule that is so broad that it will interfere with activity that is required for legitimate use by an application or the operating system. Do not use the asterisk wildcard by itself in the Registry Path field, especially with rules that block all writes, unless you are certain it will not interfere with necessary operations on the agent computer. Registry rules may seriously impact the performance of an application or system.

Specifying Keys or Values

If a path ends with a "\", it matches only the key at that path. If a path ends in “\*”, the rule applies to all keys, sub-keys and values underneath that path.

If a path ends without a slash or wildcard, it applies only to a value (not a key) matching the path.

For example, HKLM\SOFTWARE\FileReader\9.0\ViewOutput matches a value named "ViewOutput" but not a key named "ViewOutput".

You can add more than one path to a Registry Rule. For more details, see Entering Multiple Paths or Processes. In the Registry Rule table, rules with more than one path show the first path in the Registry Path field followed by (multiple).