Blocking access for specific registry keys with an IPS policy in Critical System Protection (CSP)
Last Updated May 30, 2019
You need to restrict access to specific registry keys. Entering the keypath does not give any result, the keys still can be accessed and modified.
Critical System Protection (CSP)
No error message is given, the agent does accept the policy and seems to process it, other actions within the same policy do work as expected.
The HKEY_CURRENT_USER branch is a subset for the registry branch HKEY_USERS, without the information about the User ID.
If you need to restrict access to specific values, which are stored within the HKEY_CURRENT_USER branch, like:
HKEY_USERS\*\Software\Microsoft\Windows\Windows\ShellNoRoam\MUICache instead. Please take notice of the wildcard "*" between HKEY_USERS and Software. This does make sure, that all users are restricted, including the current user.
This does work for all keys located in this branch.
Any Windows operating system, in particular all registry keys, starting with HKEY_CURRENT_USER
ID: Titan Case 415-065-896
Imported Document ID: TECH165768
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe