Endpoint Admission Defense Help >> Operation Guide >> Registry Control Management >> Add/Modify Registry Control

Add/Modify Registry Control

This function helps add/modify the registry controls.

Operation Procedure

1. Enter the page for managing the registry controls.
   Approach 1: Select the User tab, and then click the User Security Policy link, and then click the link for the registry control management.
   Approach 2: Select the User tab, and then in the navigation tree select User Security Policy > Registry Control.
2. Click Add, or click of a policy in the registry control list.
3. Set the basic information and then set the default security mode.
4. Configure the registry entries in the registry control (click the Add button, and make configurations in the pop-up page).
5. Click OK.

Parameters

• Registry Entry Location: Location of the entry that is to be monitored, for example, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
• Default Action for Check Failure: Select the default action for check failure in the security level of the registry control item. Options are Monitor, Inform, Isolate, Kick Out, and Block and Kick Out. This parameter applies to the registry control item that does not use the global security mode when you add a security level. The global security mode is configured in on the User Security Policy > Security Level page and it has higher priority than this parameter setting.
• Service Group: Select a service group for the registry control. The service group ensures privilege management of the registry control. The administrators and maintainers can add the registry control to one of the service groups to which they have the management privilege.

Precautions

• The registry control name is not editable after it is added to the system, and it must be unique.
• If you enable global security mode and select a mode, the mode applies to all the registry controls no matter what security mode for each registry control you have selected. If the global security mode is not enabled, the security mode is the one you have selected when you add the registry control.
• A registry control must contain at least one registry entry.
• The key names in one registry control must be unique.
• In the page for adding/modifying registry entry, selecting the Default Key means that the registry entry is the default item for monitoring.A registry control can have only one default item.
• In the page for adding/modifying registry entry, the Key Value text box is available when Value Match or Value Not Match is selected for the Check Type option.
• In the page for adding/modifying registry entry, if the Key Value Type is REG_DWORD, the Key Value must be a decimal number between 0 and 4294967295.
• When modifying a registry control, you are not allowed to modify the service group to which the registry control belongs.