The window showing information about Registry modified events contains the following details:
Click the link to display information about the TAA (IOA) rule. If the rule was provided by Kaspersky experts, it contains information about the triggered MITRE technique as well as recommendations for reacting to the event.
The field is displayed if a TAA (IOA) rule was triggered when the event was created.
When changing the name or value of a registry key, you may see additional fields containing information about the state of the registry key prior to its modification:
Kaspersky Anti Targeted Attack Platform receives the data required to populate the Previous registry key, Previous registry value, Previous registry value type fields only when Kaspersky Anti Targeted Attack Platform is integrated with the Kaspersky Endpoint Agent for Windows program version 3.10 and higher. When integrating the program with older versions of the Kaspersky Endpoint Agent, the fields are not displayed in the event information.
If you are using dynamic IP addresses, the field displays the IP address assigned to the host at the moment when the event was created.
The program does not support IPv6. If you are using IPv6, the IP address of the host is not displayed.
You can view information about the modification of the selected register key by editing or replacing the Kaspersky Anti Targeted Attack Platform configuration file. To edit or replace the configuration file of the program, you must contact Technical Support.
You are strongly advised not to perform any operations with the Kaspersky Anti Targeted Attack Platform configuration file in Technical Support Mode without advice or instructions from Technical Support staff.