We are using Shavlik HFNetChkPro for patch scanning and deployment. Our scans are generating Registry access control (rule 816)alerts. The alerts are triggering as follows:
The process '<remote application>'(as user DOMAIN\User) attempted to access the registry key '\WHATEVER\PATH\TO\REGISTRY\KEY' The attempted access was an open (operation = OPEN/KEY).
Since CSA does not recognize Shavlik HFNetChkPro as a known application, it does not provide the option to run the Rules Wizard. What is the best method to create an exception for this event?