Could you help me with an issue we are facing? We use the PatchMyPC-ScriptRunner.exe tool for automatic software deployment/checks, and this tool is creating records in the registry similar to:
\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XYZ.exe
Cisco CSE is generating events due to the registry changes. Alert name: The registry was updated to add a debugger to the key: Image File Execution Options.
Is there any way to either mute or whitelist this activity? We have confirmation that usage of this tool is needed and necessary and that it is a legitimate tool.
I've tried to add the hash to the application whitelist and create a file scan exclusion, but we still receive events. Based on the event, the detection was made by the behavioural engine.
I would appreciate any help.
thanks
marcel