Registry Conditions

Registry conditions check whether or not registry keys and values exist on managed endpoints before applying any associated rules.

Condition Description
Registry Key Exists A condition that checks for the existence of specified registry keys on managed endpoints and applies associated rule items accordingly. The registry can be browsed to find keys, and sub keys can be identified if required. The Comparison drop-down allows the condition to check whether any specified key and sub key exists or not.
Registry Value Exists A condition that checks for registry values on managed endpoints and applies associated rule items accordingly. Define the main and sub keys to be searched for the entered value. The value can be set using parameters to define the value name, type, and actual value.

Create a Registry Key Exists Condition

  1. Select the node for a Custom rule.
  2. In the work area, select Conditions > Registry > Registry Key Exists to display the Registry Key Exists dialog.
  3. Complete the following fields:
    • Hive - Browse to the required registry key. A standard registry browser is used to select the key.
    • The Key field is automatically populated from the selected registry item but can be manually edited.

      Comparison - Select the required option from the drop-down list:

      OptionDescription
      ExistsChecks whether a registry key exists. The sub key can be set or left blank so that the user can check for the main key only.
      Does Not ExistChecks whether a registry key does not exist. Uses the same behavior as the Exists comparison.
      Exists and contains sub-keysChecks whether a registry key exists and contains sub-keys.
  4. Click OK to save the condition.

Create a Registry Value Exists Condition

  1. Select the node for a Custom rule.
  2. In the work area, select Conditions > Registry > Registry Value Exists to display the Registry Value Exists dialog.
  3. Complete the following fields:
    • Hive - Browse to the required registry value. A Closedstandard registry browser is used to select the value.
    • The Key, Value name, Value type, and Value are automatically populated from the selected registry item but can be manually edited.
    • Comparison - Select the required option from the drop-down list:
      OptionDescription
      ExistsChecks if a registry value name exists regardless of type and value. The sub key can be set or left blank so that the user can check for a value name set under the main key only.
      Does Not ExistChecks if a registry value does not exist. Uses the same behavior as the Exists comparison.
      Value Type ExistsChecks the existence of a value name of a specific type e.g. REG_SZ, REG_DWORD etc. The Value type is available for selection and the main and sub key behavior is the same as Exists.
      Equal ToChecks if the registry value is equal to a specific value. The sub key can be set or left blank so that the user can check for a value name set under the main key only. The value type can be set, different value editors are displayed dependent on the selection. The Value field can be left blank as empty values are allowed in the registry.
      Not Equal ToChecks if the registry value is not equal to that which is specified. Uses the same behavior as the Equal to comparison.
      Less Than Less Than or Equal To Greater Than Greater Than or Equal ToChecks the registry value against the selected comparison. These are only available on the REG_DWORD & REG_QWORD value types. Uses the same behavior as the Equal to comparison.
  4. Select the required numerical system for the registry value - this can be either Hexadecimal or Decimal.
  5. Click OK to save the condition.

Related Topics