On 06/01/2014 09:37 PM, Trieu Ngo Duy wrote:
help me about active response. how to execute this command: REG ADD HKCU
\ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
\ DisallowRun in agent window ?
thank you very much..!
I have used the following to check the registry run key so maybe you
could use something similar for an active response:
%WINDIR%\system32\reg.exe query
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s |
%WINDIR%\system32\findstr.exe /BV "! REG.EXE" |
%WINDIR%\system32\findstr /BV "^$"
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
