Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
535 Views 5 Replies Latest reply: Jan 17, 2014 9:13 AM by shakira RSS
c14us Newcomer 10 posts since
Aug 22, 2013
Currently Being Moderated

Nov 14, 2013 1:47 PM

Custom HIPS rule to deny creation of Reg Key

I’m aiming to deny creation of a registry key [HKCU\Software\CryptoLocker]

 

But I can only get it to respond to registry deletion of the key, with the below code. It will not deny the creation of the key.

I've tried dusins of variation, but have not succeded in getting the correct setup.

Hope someone can help me.

 

Regards

Claus

 

 

 

 

Rule {

tag "CryptoLocker Registry Protection 3 test"

Class Registry

Id 4005

level 4

keys { Include "\\REGISTRY\\CURRENT_USER\\*\\CryptoLocker" }

directives registry:permissions registry:delete registry:modify registry:create

}

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points