Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Can CSA permit read only access to the registry

Hi Can CSA be configured to permit read only access to registry settings and still block write access.

As far as I can tell I need to grant write access as well as read.

Many thanks

Ian Vickery

1 REPLY
Bronze

Re: Can CSA permit read only access to the registry

Registry access control rules (Windows only)

The behavior analysis creates these rule types but disables them by default. Registry access control rules are very powerful system control tools. Restricting access to a required registry key could produce undesired results.

The behavior analysis creates Registry Set variables based on the registry resources accessed during the logging period. These registry variables are broken into those that should be allowed and those that can be denied. Those allowed are registry keys accessed during the logging period. All others fall in the deny range. This deny applies only to write access. All registry keys are still allowed read access. You can enable these rules, but you should understand the restrictions you are imposing.

Use Registry Key Summary reports to help refine these rules, if needed.

255
Views
0
Helpful
1
Replies
CreatePlease to create content