The Registry Keys tab shows all relevant registry value modifications reported in the External Notification.

The table for this tab includes the following columns.

Table 1. Registry Keys Tab Columns

| Column | Description |
|---|---|
| Sequence | Sequence of registry access attempts when a suspected malware instance is analyzed by the network security device. |
| Process | Process reported by the network security device. |
| Process MD5 | MD5 hash of the process |
| Process Path | Path location of the process reported by the network security device |
| Key | Registry key reported by the network security device (truncated to the right when displayed) |
| Name | Registry field name reported by the network security device |
| Value | Registry field value reported by the network security device |
| Operation | Operation on a registry key (setval, added, etc.) |

If a process that attempted access to the registry key is known to the Carbon Black App Control Server, its listing here includes a View Details button, which opens the File Details page for this process.

The Action menu for this tab includes the following commands for selected files:

  • Ban Process Globally – Bans process file(s) for all policies; requires no further configuration
  • Ban Process By Policy – Opens a dialog box for creation of policy-specific and report-only bans
  • Remove Process Approval Or Ban – Removes any active bans/approvals immediately
  • Create Registry Rule – Opens an Add Registry Rule page with pre-populated values to create a rule to ban this process from accessing the registry keys reported in the notification. See Create a Registry Rule from a Notification Details Page for more details.