logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: How to Search for Default Registry Locations

EDR: How to Search for Default Registry Locations

Environment

  • EDR Console
  • EDR Cloud

Objective

How to search for the following registry entries within EDR Process Search page;
  • HKEY_CLASSES_ROOT
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE
  • HKEY_USERS
  • HKEY_CURRENT_CONFIG

Resolution

  1. Log into the EDR console
  2. Navigate to the 'Process Search' page
  3. Use the search term regmod: followed by the registry key path to search for as documented below.
  • HKEY_CLASSES_ROOT
regmod:registry\machine\software\classes\*
 
  • HKEY_CURRENT_USER
regmod:registry\user\<SID OF USER>\*
 
  • HKEY_LOCAL_MACHINE
regmod:registry\machine\*
 
  • HKEY_USERS
regmod:registry\user\*
 
  • HKEY_CURRENT_CONFIG
regmod:registry\machine\system\*

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
1557
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.