
Exclude Volatile Registry Keys

Open • gfs opened this issue 5 years ago • 1 comment

The .NET Core RegistryKey takes RegistryOptions when creating a key but does not expose the options when you open a key. Volatile keys don't persist across reboots, so they should be considered pretty low importance. We should at least tag keys which are volatile for use in analysis, if not exclude them entirely (perhaps with an option).

gfs, May 06 '19 18:05

There might be a way to do this by P/Invoke using the example here: https://stackoverflow.com/questions/4432977/is-there-a-way-to-verify-if-a-windows-registry-key-is-volatile-reg-option-volat

gfs, May 06 '19 19:05