Kaspersky Embedded Systems Security 3.x

Configuring monitoring rules

March 10, 2023

ID 223004

The monitoring rules are applied one after another in line with their position in the list of configured rules.

To add a monitoring scope:

  1. In the Application Console tree, expand the System Inspection node.
  2. Select the Registry Access Monitor child node.
  3. Click the Registry Access Monitoring Rules link in the results pane of the Registry Access Monitor node.

    The Registry Access Monitoring window appears.

  4. In the Registry Access Monitoring window, in Add system registry key to monitor, specify a path using a supported mask and click the Add button.

    Avoid using supported masks for the root keys when creating the rules.
    If you specify only a root key, such as HKEY_CURRENT_USER, or a root key with a mask for all child keys, such as HKEY_CURRENT_USER\*, a vast number of notifications about access to the specified child keys is generated, which results in system performance issues.
    If you specify a root key, such as HKEY_CURRENT_USER, or a root key with a mask for all child keys, such as HKEY_CURRENT_USER\*, and select the Block operations according to the rules mode, the system is not able to read or change the keys required for the OS to function and stops responding.

  5. On the Actions tab for the selected monitoring area, configure the list of actions as applicable.
  6. If you want to monitor certain Registry Values, do the following:
    1. On the Registry Values tab, click the Add button.
    2. In the Registry value rule window, enter the Controlled operations and set the required Controlled operations.
    3. Click OK to save the changes.
  7. If you want to define Trusted users, do the following:
    1. On the Trusted users tab, click the Add button.
    2. In the Select Users or Groups window, select the users or groups of users authorized to perform the defined actions.
    3. Click OK to save the changes.

    By default, Kaspersky Embedded Systems Security treats all users not on the trusted user list as untrusted, and generates Critical events for them. For trusted users, statistics are compiled.

  8. Click Save in the Registry Access Monitoring Area window.

    The specified rule settings are immediately applied to the defined monitoring scope of the Registry Access Monitor task.
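
The root-key warning in step 4 can be checked before any path is entered in the console. The following is an added example, not Kaspersky code: the function names and the sample list are hypothetical, and it assumes that `*` and `?` are the mask characters and that paths use full root-key names as in the examples above.

```python
import re

# Standard Windows root keys, written out in full as in the page's examples.
ROOT_KEYS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
             "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
MASK = re.compile(r"[*?]")  # assumption: '*' and '?' are the mask characters

ROOT_ONLY = "root key only: all of its child keys fall in scope"
ROOT_ALL_CHILDREN = "root key with a mask for all child keys"
ROOT_MASKED = "mask used in the root key"
ROOT_UNKNOWN = "first component is not a standard root key"


def check_scope(path):
    """Return the findings for one planned monitoring path (empty list = OK)."""
    parts = [p for p in path.strip().split("\\") if p]
    if not parts:
        return ["empty path"]
    root, subkeys = parts[0].upper(), parts[1:]
    findings = []
    if MASK.search(root):
        findings.append(ROOT_MASKED)
    elif root not in ROOT_KEYS:
        findings.append(ROOT_UNKNOWN)
    if not subkeys:
        findings.append(ROOT_ONLY)
    elif all(set(s) == {"*"} for s in subkeys):
        # e.g. HKEY_CURRENT_USER\* : nothing but wildcards below the root
        findings.append(ROOT_ALL_CHILDREN)
    return findings


def review(paths):
    """Map each risky path to its findings; acceptable paths are omitted."""
    return {p: f for p in paths if (f := check_scope(p))}


# Constructed sample: scopes someone plans to add in step 4.
PLANNED = [
    r"HKEY_CURRENT_USER",
    r"HKEY_CURRENT_USER\*",
    r"HKEY_*\Software\Classes",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\*",
]

if __name__ == "__main__":
    for path, findings in review(PLANNED).items():
        print(f"{path}: {'; '.join(findings)}")
```

Paths that come back with a finding should be narrowed to a specific subkey before they are added, particularly when the Block operations according to the rules mode is selected.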
