Solved

Can registry exceptions be made within Forefront Client Security?

Posted on 2010-09-01
3
634 Views
Last Modified: 2013-11-22
Greetings -

I use Group Policy Preferences extensively in my environment and Forefront Client Security is noticing when I write values to the "Run" keys in the registry and logging entries for these changes in the System Event Log.  This is flooding the logs given that Group Policy is updating every 60 minutes in my environment.

Is anyone aware of a way to authorize certain registry values to be written and ignored?  I can't find any way to do this in policy.  I can exclude files and folders but not registry keys.

Ideas?
0
Comment
Question by:amendala
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Expert Comment

by:Forror
ID: 33581239
*.reg  does not work?  Just curious myself, or possibly filter by REG_SZ or REG_DWORD to exclude those?

Just throwing suggestions.
0
 
LVL 7

Accepted Solution

by:
Forror earned 500 total points
ID: 33581336
Do not log events for files marked "Unknown"
 AM\Reporting\

DisableLoggingForUnknown
 On (1)

Off (0)
 R, S, C
 
Might help if the log events are being marked Unknown, not sure what errors or log message you were getting.
0
 

Author Closing Comment

by:amendala
ID: 33628644
This is the solution I implemented, though I found that there's a check box in the policy for this as well.  Thanks!  It works.
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Part One of the two-part Q&A series with MalwareTech.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question