jrossi
commented
10 years ago Thank you for noticing this. When checking for new entries in the syscheck database, the routine is generic and cannot distinguish a File from a Registry entry easily. For performance consideration, I would rather not trying to fix this.
Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2013-03-28 01:31:38+00:00
When alerting on new files, a new registry entry will be alerted as a file.
Rule: 554 fired (level 5) -> "New File Added" Portion of the log(s):
New file 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BTCFilterService\Enum' added to the file system.
--END OF NOTIFICATION
Note: This issue has been automatically migrated from Bitbucket Created by mstarks01 on 2012-09-01 21:16:21+00:00, last updated: 2013-03-28 01:31:37+00:00