ESET Online Help


RegistryItem

Returns information about registry events.

| Property | Type | Description | Example |
|---|---|---|---|
| Key | Path | The path of the key, including the value name | HKLM\SOFTWARE\ESET\EnterpriseInspector\EIAgent\CurrentVersion\Info |
| ValueLength | Int | The length of the key value | 16 |
| StringValue | String | The value of a string key | "ExampleValue" |
| IntValue | Int | The value of an int key | 32 |

Example of use

For registry key: "HKLM\SOFTWARE\Classes\CLSID\{12788EFC-0553-4126-A4E1-8AA0F5270615}\InprocServer32\CodeBase"

<operations>
  <!-- Match registry value writes only -->
  <operation type="RegSetValue">
    <operator type="AND">
      <!-- Key path: the CodeBase value under any CLSID's InprocServer32 key -->
      <condition component="RegistryItem" property="Key" condition="starts" value="HKLM\software\classes\clsid\" />
      <condition component="RegistryItem" property="Key" condition="contains" value="\InprocServer32\" />
      <condition component="RegistryItem" property="Key" condition="ends" value="\CodeBase" />
      <!-- Value data: a string containing "http" -->
      <condition component="RegistryItem" property="StringValue" condition="contains" value="http" />
    </operator>
  </operation>
</operations>
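An added example (not ESET's code and not part of the original help page): a Python evaluator that parses the rule above and applies its starts/contains/ends conditions to constructed registry events, useful for checking what a rule would match before deploying it. The event dictionaries, the `matches` helper and the case-insensitive comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# The rule from this page, embedded so the example runs offline.
RULE = r"""
<operations>
  <operation type="RegSetValue">
    <operator type="AND">
      <condition component="RegistryItem" property="Key" condition="starts" value="HKLM\software\classes\clsid\" />
      <condition component="RegistryItem" property="Key" condition="contains" value="\InprocServer32\" />
      <condition component="RegistryItem" property="Key" condition="ends" value="\CodeBase" />
      <condition component="RegistryItem" property="StringValue" condition="contains" value="http" />
    </operator>
  </operation>
</operations>
"""

# Assumption: comparisons ignore case (the page's sample key differs in case from the rule).
TESTS = {
    "starts": lambda have, want: have.startswith(want),
    "contains": lambda have, want: want in have,
    "ends": lambda have, want: have.endswith(want),
}

def matches(rule_xml, event):
    """Return True if the constructed event dict satisfies the rule's AND block."""
    root = ET.fromstring(rule_xml)
    for op in root.iter("operation"):
        if op.get("type") != event["operation"]:
            continue  # rule applies to a different registry operation
        for group in op.findall("operator"):
            if group.get("type") != "AND":
                raise ValueError("only the AND operator is handled here")
            results = []
            for cond in group.findall("condition"):
                have = str(event.get(cond.get("property"), "")).lower()
                want = cond.get("value").lower()
                results.append(TESTS[cond.get("condition")](have, want))
            if results and all(results):
                return True
    return False

# Constructed sample events (not real telemetry).
KEY = r"HKLM\SOFTWARE\Classes\CLSID\{12788EFC-0553-4126-A4E1-8AA0F5270615}\InprocServer32\CodeBase"
EVENTS = [
    {"operation": "RegSetValue", "Key": KEY, "StringValue": "http://example.test/a.dll"},
    {"operation": "RegSetValue", "Key": KEY, "StringValue": "file:///C:/app/a.dll"},
    {"operation": "RegDeleteValue", "Key": KEY, "StringValue": ""},
]
```

Only the first event matches: the second fails the StringValue condition and the third is a different operation type.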

Supported Operations and their components:

| Operation | RegistryItem |
|---|---|
| RegSetValue | X |
| RegDeleteKey | X |
| RegDeleteValue | X |
| RegRenameKey | X |
| RegRenameValue | X |