Registry key and value create and delete operations map to this event type, which can be useful for monitoring changes to Registry AutoStart locations or specific malware registry modifications.
Examples of processes that changed the Registry:
- svchost.exe
- VSIXAutoUpdate.exe (Part of Microsoft Visual Studio)
- devenv.exe (Part of Microsoft Visual Studio)
- lsass.exe (Process in Microsoft Windows OS that is responsible for enforcing the security policy on the system)
- MsMpEng.exe (Part of Windows Defender)
- services.exe (Process in Microsoft Windows OS which manages the operation of starting and stopping services)
*These processes are all related to Microsoft OS/apps.
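
One way to use the process list above as a baseline when watching AutoStart locations, as an added example that is not part of the original page. The record fields (`event_type`, `image`, `target_object`), the watched key paths, the System32 path rule and the sample events are assumptions constructed for illustration.

```python
import ntpath  # parses Windows paths on any host OS

# Process names the page lists as routinely changing the Registry.
KNOWN_WRITERS = {"svchost.exe", "vsixautoupdate.exe", "devenv.exe",
                 "lsass.exe", "msmpeng.exe", "services.exe"}
# Assumption: the OS processes among them should only run from System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"

# Assumed watch list of AutoStart locations (not exhaustive).
AUTOSTART_MARKERS = (
    r"\software\microsoft\windows\currentversion\run",  # Run and RunOnce
    r"\system\currentcontrolset\services",
)

def triage(event):
    """Classify one create/delete event: 'ignore', 'baseline' or 'review'."""
    target = event["target_object"].lower()
    if not any(marker in target for marker in AUTOSTART_MARKERS):
        return "ignore"        # not an AutoStart location
    image = event["image"].lower()
    name = ntpath.basename(image)
    if name not in KNOWN_WRITERS:
        return "review"        # writer is not in the baseline
    if name in SYSTEM32_ONLY and ntpath.dirname(image) != SYSTEM32:
        return "review"        # baseline name, unexpected directory
    return "baseline"

# Constructed sample events (not taken from a real host).
SAMPLE_EVENTS = [
    {"event_type": "CreateKey", "image": r"C:\Windows\System32\services.exe",
     "target_object": r"HKLM\System\CurrentControlSet\Services\ExampleSvc"},
    {"event_type": "CreateValue", "image": r"C:\Users\Public\svchost.exe",
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"event_type": "DeleteKey", "image": r"C:\Temp\setup.exe",
     "target_object": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\RunOnce"},
    {"event_type": "CreateKey", "image": r"C:\VS\Common7\IDE\devenv.exe",
     "target_object": r"HKCU\Software\Microsoft\VisualStudio\Example"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), ev["event_type"], ev["image"], "->", ev["target_object"])
```

A process name alone is a weak baseline, which is why the second sample event is sent to review even though `svchost.exe` is on the list.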