Hi there.
For example, I'm a security analyst.
And I see these 24k alerts from "Web Control - Protect plug-in registry keys and values":
Registry key | Alerts |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ | 11991 |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ | 11991 |
HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\SITEADVISOR.MCAFEE.CHROME.EXTENSION\ | 204 |
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS\ | 30 |
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXT\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ | 28 |
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ | 14 |
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\JJKCHPDMJJDMALGEMBBLGAFLLBPCJLEI\ | 4 |
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\DSSREQUEST\ | 4 |
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\SITEADVISOR.MCAFEE.CHROME.EXTENSION\ | 4 |
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\SACORE\ | 4 |
I'm 99% sure that this is a false positive. But the remaining 1% tells me that I need to check it before excluding it. How do I check it? How do I find out what those registry keys are responsible for?
Hello,
I did some research and I found these registry keys in these places:
Articles regarding first two keys:
https://kc.mcafee.com/corporate/index?page=content&id=KB67500
https://kc.mcafee.com/corporate/index?page=content&id=KB87208
Third one:
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"path"="C:\\Program Files (x86)\\McAfee\\SiteAdvisor\\McChPlg.crx"
"version"="1.02.187.2"
"update_url"="http://clients2.google.com/service/update2/crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
@="C:\\Program Files (x86)\\McAfee\\SiteAdvisor\\siteadvisor.mcafee.chrome.extension.json"
source: https://portableapps.com/node/54110
Fourth:
Fifth and sixth:
https://kc.mcafee.com/corporate/index?page=content&id=KB79933
Seventh:
https://kc.mcafee.com/corporate/index?page=content&id=KB87568
Eighth:
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
Ninth:
Similar to the 3rd one, but in a 64-bit environment.
Tenth:
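The KB articles above say which product registers each key, but an analyst still has to confirm that the key on the alerting host actually points at that product's binaries and not at something that has hijacked the same key. The script below is an added example, not code from the thread or from McAfee: it resolves each flagged key to the file it references (the InprocServer32 DLL for the IE add-on and protocol-handler CLSIDs, the executable named in the native messaging host's JSON manifest, and the CRX path for the Chrome extension entry), then reports whether that file exists and what its Authenticode signature says. It assumes an elevated PowerShell session on the affected host; the GUIDs, extension ID, host name and protocol names are the ones listed in the thread, and the fourth key (ENABLE BROWSER EXTENSIONS) is skipped because it is a plain on/off value with no binary behind it.

```powershell
# Added example (not from the thread): resolve each flagged registry key to the
# binary it references and check that binary's Authenticode signature, so the
# exclusion decision rests on what the key points at, not on the key name alone.
# Assumes an elevated PowerShell session on the affected host.

function Get-SignerInfo {
    param([string]$Source, [string]$Path)
    $info = [ordered]@{ Source = $Source; Path = $Path; Exists = $false; Status = 'missing'; Signer = $null }
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $info.Exists = $true
        $info.Status = $sig.Status              # Valid, NotSigned, HashMismatch, ...
        $info.Signer = $sig.SignerCertificate.Subject
    }
    [pscustomobject]$info
}

function Get-DefaultValue {
    param([string]$Key)
    if (Test-Path -LiteralPath $Key) { (Get-ItemProperty -LiteralPath $Key).'(default)' }
}

function Resolve-ClsidServer {
    # Map a COM CLSID (used by the IE add-on, policy and protocol-handler keys)
    # to its InprocServer32 DLL, checking both the native and WOW6432Node views.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID') {
        $dll = Get-DefaultValue "$root\$Clsid\InprocServer32"
        if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
    }
}

function Resolve-NativeMessagingHost {
    # The key's default value is a JSON manifest; its "path" field is the
    # executable Chrome launches for that host (relative paths are manifest-relative).
    param([string]$Key)
    $manifest = Get-DefaultValue $Key
    if (-not $manifest -or -not (Test-Path -LiteralPath $manifest)) { return $manifest }
    $exe = (Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json).path
    if (-not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path (Split-Path -Parent $manifest) $exe }
    $exe
}

$report = [System.Collections.Generic.List[object]]::new()

# Keys 1, 2, 5, 6: IE add-on CLSIDs from EXT\SETTINGS and POLICIES\EXT\CLSID
foreach ($clsid in '{B164E929-A1B6-4A06-B104-2CD0E90A88FF}', '{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}') {
    $report.Add((Get-SignerInfo "CLSID $clsid" (Resolve-ClsidServer $clsid)))
}

# Keys 8, 10: asynchronous pluggable protocol handlers; each names a CLSID
foreach ($proto in 'dssrequest', 'sacore') {
    $key = "HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler\$proto"
    if (Test-Path -LiteralPath $key) {
        $clsid = (Get-ItemProperty -LiteralPath $key).CLSID
        $report.Add((Get-SignerInfo "Protocol $proto -> $clsid" (Resolve-ClsidServer $clsid)))
    }
}

# Keys 3, 9: Chrome native messaging host registration (64-bit and WOW6432Node views)
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $key = "$root\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension"
    if (Test-Path -LiteralPath $key) {
        $report.Add((Get-SignerInfo "NativeMessagingHost ($root)" (Resolve-NativeMessagingHost $key)))
    }
}

# Key 7: Chrome extension install entry. A .crx carries Chrome's own signature,
# not an Authenticode one, so 'NotSigned' is expected here; the path and
# update_url are what tell you where the extension came from.
$extKey = 'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\jjkchpdmjjdmalgembblgafllbpcjlei'
if (Test-Path -LiteralPath $extKey) {
    $ext = Get-ItemProperty -LiteralPath $extKey
    $report.Add((Get-SignerInfo "Chrome extension (update_url=$($ext.update_url))" $ext.path))
}

$report | Format-Table -AutoSize
```

What to look for in the output: every resolved path should sit under the McAfee installation directory, exist on disk, and show Status Valid with a McAfee signer subject. A DLL that is missing, unsigned, signed by someone else, or living in a user-writable location such as a temp or profile directory is the 1% case that justifies not writing the exclusion until the host has been looked at more closely.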
Cool, thank you! To be honest, I thought nobody would answer, hehe.
Some of this information I found too.
Do you know if there is any wiki or encyclopedia covering all Windows registry keys?
Hi,
Unfortunately I am not aware of any full database, and Microsoft probably does not want to share one.
I found these resources, which could be helpful or at least a starting point:
Forensicswiki:
https://www.forensicswiki.org/wiki/Windows_Registry#Internet_Explorer
Public version of Microsoft Windows Registry Guide: