The Registry Access Monitor task is designed to track actions performed with the specified registry branches and keys in the monitoring scopes defined in the task settings. The task tracks actions within the operating system installed on the device or within the containers Windows Server 2016 and later defined in the monitoring scope. You can use the task to detect the changes indicating a security breach on the protected device.
To start the Registry Access Monitor task, you must configure at least one monitoring rule.
Page top