Large number of registry modification events for the path \REGISTRY\A on Windows 7 endpoints with Change Control
Technical Articles ID:   KB84679
Last Modified:  4/9/2017

Environment

McAfee Change Control (MCC) 6.2.0, 6.1.x
McAfee Integrity Control (MIC) 6.2.0, 6.1.x
Microsoft Windows 7

Problem

You observe a large number of registry modification events reported on the ePO server for the path \REGISTRY\A on Windows 7 endpoints with Change Control.

Solution

Technical Support will include a rule to suppress the registry modification events in the Integrity Monitor policy in an upcoming release.

Workaround

Add a registry exclusion rule to suppress the registry modification events.

To create a registry exclusion rule for \REGISTRY\A, follow the steps below:
  1. Log on to the ePO console.
  2. Select Menu, Policy, Policy Catalog.
  3. Select the Solidcore 6.2.0: Integrity Monitor product.
  4. Select Integrity Monitoring Rules (Windows) as the Category.
  5. Click Actions, New Policy to open the New Policy dialog box.
  6. Select the category.
  7. Select Blank Template from the Create a policy based on this existing policy list to define a policy from scratch.
  8. Specify the policy name, then click OK.
  9. Click the policy name to open the Policy Settings page.
  10. Add the monitoring exclusion rule to the policy.
    1. Click Add on the Registry tab. The Add Registry dialog box appears.
    2. Specify the registry key \REGISTRY\A, select exclude from monitoring, and click OK.
  11. Save the policy.
  12. Apply the policy on the endpoints that are generating a large number of events for the registry path \REGISTRY\A.
