If you have an ASA with FirePOWER service module and the Malware license you can create a File Policy that blocks malware. Those policies use the SHA-256 hash of a file to check against Cisco's global security research (TALOS) to assign a verdict to the file. You can also add custom SHA-256 hashes to blacklist files as you wish.
Similarly the URL Filtering license can block URLs of certain categories, reputations, etc.
I'm not sure what you are asking with respect to registry keys. Those are present on Windows end systems. You can check for the presence or value of certain registry keys for remote access VPN users and grant or deny access accordingly. That requires an AnyConnect Apex license.
If you are asking about network access control (wired or wireless), you can do the same (and much more) with Cisco Identity Services Engine (ISE) via it's Posture capability.