The Registry Keys tab shows all relevant registry value modifications reported in the External Notification.
The table for this tab includes the following columns.
| Column | Description |
|---|---|
| Sequence | Sequence of registry access attempts when a suspected malware instance is analyzed by the network security device. |
| Process | Process reported by the network security device. |
| Process MD5 | MD5 hash of the process. |
| Process Path | Path location of the process reported by the network security device. |
| Key | Registry key reported by the network security device (truncated to the right when displayed). |
| Name | Registry field name reported by the network security device. |
| Value | Registry field value reported by the network security device. |
| Operation | Operation on a registry key (setval, added, etc.). |
If a process that attempted access to the registry key is known to the Carbon Black App Control Server, its listing here includes a View Details button, which opens the File Details page for this process.
The Action menu for this tab includes the following commands for selected files:
- Ban Process Globally – Bans process file(s) for all policies; requires no further configuration.
- Ban Process By Policy – Opens a dialog box for creation of policy-specific and report-only bans.
- Remove Process Approval Or Ban – Removes any active bans/approvals immediately.
- Create Registry Rule – Opens an Add Registry Rule page with pre-populated values to create a rule to ban this process from accessing the registry keys reported in the notification. See Create a Registry Rule from a Notification Details Page for more details.