What is the logic behind monitoring the following key? 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Reliability'
I noticed that it is caught by monitoring : <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion</windows_registry> Do all of the keys there need to be watched? I get emails that saythe following: Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Reliability' Do I need to be concerned about this or can I set these to be ignored? James
