The monitoring rules are applied one after another in line with their position in the list of configured rules.
To add a monitoring scope:
The Registry Access Monitoring window appears.
Avoid using supported masks for the root keys, when creating the rules.
If you specify only a root key, such as HKEY_CURRENT_USER, or a root key with a mask for all child keys, such as HKEY_CURRENT_USER\*, a vast number of notifications about addressing the specified child keys is generated, which results in the system performance issues.
If you specify a root key, such as HKEY_CURRENT_USER, or a root key with a mask for all child keys, such as HKEY_CURRENT_USER\*, and select the Block operations according to the rules mode, the system is not able to read or change the keys required for OS functioning and fails to respond.
By default, Kaspersky Embedded Systems Security treats all users not on the trusted user list as untrusted, and generates Critical events for them. For trusted users, statistics are compiled.
The specified rule settings are immediately applied to the defined monitoring scope of the Registry Access Monitor task.