Jump to content
Important Announcement: Planned Forum Shutdown ×
Important Announcement: Planned Forum Shutdown

Add Exception for Registry Keys

Green Mountain IT
 Share

Recommended Posts

Green Mountain IT

Green Mountain IT

Posted
Posted

Hello,

I have several false positives for registry keys relating to group policies that prevent users from accessing Task Manager, Command Prompt, Registry Editor, etc.

I am seeing quarantines such as:

"Setting.DisableRegistryTools (A)" in "Value: HKEY_USERS\S-1-5-21-365083775-2236518244-184172837-1136\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS"

How can I add reg entries as an exclusion?

I am using the cloud console. I found the detection and checked the boxes to Restore and Add Exclusion, and the Restore worked but I am not seeing any Exclusion added. Also I only see options to exclude Files or Folders. How can I exclude reg keys?

Thanks for looking.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted
11 hours ago, Green Mountain IT said:

I have several false positives for registry keys relating to group policies that prevent users from accessing Task Manager, Command Prompt, Registry Editor, etc.

Technically these aren't fall positives. They're common modifications made by malware that hamper troubleshooting, and are usually considered undesirable outside of a corporate environment where the administrator has determined that these system tools should not be available to regular users on the system.

 

11 hours ago, Green Mountain IT said:

How can I add reg entries as an exclusion?

In the scan results, simply right-click on the entry you want to exclude and select Add to exclusions. This should prevent it from being detected in future scans.

Link to comment
Share on other sites
Green Mountain IT

Green Mountain IT

Posted
  • Author
Posted
5 hours ago, GT500 said:

Technically these aren't fall positives. They're common modifications made by malware that hamper troubleshooting, and are usually considered undesirable outside of a corporate environment where the administrator has determined that these system tools should not be available to regular users on the system.

Understood.

 

5 hours ago, GT500 said:

In the scan results, simply right-click on the entry you want to exclude and select Add to exclusions. This should prevent it from being detected in future scans.

Will this apply the exclusion to the entire workspace? Or must it be done for each client. It would be convenient to be able to add registry exceptions pro-actively, long-term.

Thanks for your help.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted
20 hours ago, Green Mountain IT said:

Will this apply the exclusion to the entire workspace? Or must it be done for each client.

Registry exclusions can't be added manually, and can't be added via a workspace, so this procedure would have to be performed on each workstation separately.

If you want to set this via a workspace policy then there's a setting in the Scanner Settings labeled Detect registry policies settings that you can disable, and that should prevent these detections as well. This setting can be configured in policies, and individually for each device that Emsisoft Anti-Malware is installed on (in the "Protection Settings" category).

image.png

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2022 Emsisoft - 07/04/2022 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...