Information about changes in the registry

The window showing information about Registry modified events contains the following details:

• Tree of events.

  Displays the parent events and child events, and the links between them. The root node of the tree of events is the host whose events you are viewing.

  You can select events in the tree of events to view information about these events.

• Registry modified:
  • Event time—Time of registry modification.
  • Registry key path—Path to the registry key in which the change was made.
  • Registry value name—Name of the registry parameter.
  • Registry value—Value of the registry parameter.
  • Host name—Name of the host on which the registry modification was made.
  • User name—Name of the user that made the change in the registry.
• Parent process:
  • File—Path to the parent process file.
  • MD5—MD5 hash of the parent process file.
  • SHA256—SHA256 hash of the parent process file.

See also Event information Viewing the table of events Viewing information about an event Information about process startup Information about module loading Information about a remote connection Information about prevention rule triggering Information about document blocking Information about file creation Information about an event in the Windows log Information about port listening Information about driver loading Information about changing a host name Information about the alert Information about alert processing results

Page top