Deep Security 11 has reached end of support.
RegistryKeySet
The RegistryKeySet tag describes a set of keys in the registry (Windows only).
Tag Attributes
These are XML attributes of the tag itself, as opposed to the attributes of the Entity monitored by Integrity Monitoring Rules.
| Attribute | Description | Required | Default Value | Allowed Values |
| base | Sets the base key of the RegistryKeySet. Everything else in the tag is relative to this key. The base must begin with one of the following registry branch names: HKEY_CLASSES_ROOT (or HKCR), HKEY_LOCAL_MACHINE (or HKLM), HKEY_USERS (or HKU), HKEY_CURRENT_CONFIG (or HKCC) | Yes | N/A | String values resolving to a syntactically valid registry key path |
Entity Set Attributes
These are the attributes of the Entity that can be monitored by Integrity Monitoring Rules.
- Owner
- Group
- Permissions
- LastModified ("LastWriteTime" in Windows registry terminology)
- Class
- SecurityDescriptorSize
Short Hand Attributes
- STANDARD: Group, Owner, Permissions, LastModified
Meaning of "Key"
Registry keys are stored hierarchically in the registry, much like directories in a file system. For the purpose of this language, the "key path" to a key is considered to look like the path to a directory. For example, the "key path" to the "Deep Security Agent" key of the Agent would be:
HKEY_LOCAL_MACHINE\SOFTWARE\Trend Micro\Deep Security Agent
The "key" value for includes and excludes for the RegistryValueSet is matched against the key path. This is a hierarchical pattern, with sections of the pattern separated by "/" matched against sections of the key path separated by "\".
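An added illustration of the section-by-section matching described above (example code, not Trend Micro's implementation). The lowercase include/exclude element names, the `*` and `**` wildcards, case-insensitive comparison and exclude-over-include precedence are assumptions, and the rule is a constructed sample.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Branch names (and short forms) the page allows at the start of "base".
HIVES = {"HKCR": "HKEY_CLASSES_ROOT", "HKLM": "HKEY_LOCAL_MACHINE",
         "HKU": "HKEY_USERS", "HKCC": "HKEY_CURRENT_CONFIG"}

# Constructed sample rule, written for this example.
RULE = r'''<RegistryKeySet base="HKLM\SOFTWARE\Trend Micro">
  <include key="Deep Security Agent/**"/>
  <exclude key="Deep Security Agent/*/Cache"/>
</RegistryKeySet>'''

def split_key(path):
    """Split a key path on backslashes, expand a short branch name, fold case."""
    parts = path.strip("\\").split("\\")
    parts[0] = HIVES.get(parts[0].upper(), parts[0])
    return [p.lower() for p in parts]

def match_sections(pat, key):
    """Match "/"-separated pattern sections against key-path sections."""
    if not pat:
        return not key
    if pat[0] == "**":  # assumed wildcard: zero or more whole sections
        return any(match_sections(pat[1:], key[i:]) for i in range(len(key) + 1))
    return bool(key) and fnmatchcase(key[0], pat[0]) and match_sections(pat[1:], key[1:])

def load_rule(xml_text):
    """Parse the rule and reject a base outside the branches the page lists."""
    root = ET.fromstring(xml_text)
    base = split_key(root.get("base", ""))
    if base[0].upper() not in HIVES.values():
        raise ValueError("base must begin with a listed registry branch name")
    def patterns(tag):
        return [e.get("key", "").lower().split("/") for e in root.findall(tag)]
    return base, patterns("include"), patterns("exclude")

def is_monitored(rule, key_path):
    base, includes, excludes = rule
    parts = split_key(key_path)
    if parts[:len(base)] != base:
        return False  # key lies outside the base key
    rel = parts[len(base):]  # patterns are relative to the base
    if any(match_sections(p, rel) for p in excludes):
        return False  # assumed: an exclude match overrides an include match
    return any(match_sections(p, rel) for p in includes)
```

Reviewing a rule this way before deployment shows which keys under the base fall outside monitoring because of an exclude pattern.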
Sub Elements
- Include
- Exclude
See Integrity monitoring rules language for a general description of Include and Exclude and their allowed attributes and sub elements.