Use this SOAR action to delete a registry key from an asset.
- This action can be run from an alert and from a device. It can be run on only one alert or device at a time.
- This action can be performed on Windows devices only. If the action is performed on devices other than Windows, the error message: Action can only be performed on devices with WINDOWS OS displays.
- This action can be performed on Carbon Black Cloud devices only. If the action is performed on devices other than from Carbon Black Cloud, the error message: Cannot complete action. Asset does not exist displays.
- When the Delete Registry Key action is started, you are prompted to input the Registry Key Path. The registry key at the specified path is removed.
- If you attempt to delete a registry key with the same name at the same path, an error response is returned.
- Registry keys cannot be deleted as an immediate child for the parent keys
HKEY_USERSandHKEY_LOCAL_MACHINE.
