• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 646
  • Last Modified:

Can registry exceptions be made within Forefront Client Security?

Greetings -

I use Group Policy Preferences extensively in my environment and Forefront Client Security is noticing when I write values to the "Run" keys in the registry and logging entries for these changes in the System Event Log.  This is flooding the logs given that Group Policy is updating every 60 minutes in my environment.

Is anyone aware of a way to authorize certain registry values to be written and ignored?  I can't find any way to do this in policy.  I can exclude files and folders but not registry keys.

Ideas?
0
amendala
Asked:
amendala
  • 2
1 Solution
 
ForrorCommented:
*.reg  does not work?  Just curious myself, or possibly filter by REG_SZ or REG_DWORD to exclude those?

Just throwing suggestions.
0
 
ForrorCommented:
Do not log events for files marked "Unknown"
 AM\Reporting\

DisableLoggingForUnknown
 On (1)

Off (0)
 R, S, C
 
Might help if the log events are being marked Unknown, not sure what errors or log message you were getting.
0
 
amendalaAuthor Commented:
This is the solution I implemented, though I found that there's a check box in the policy for this as well.  Thanks!  It works.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now