Registry Keys For Creating Shim Databases
This search looks for registry activity associated with application compatibility shims, which can be leveraged by attackers for various nefarious purposes.
This content is not mapped to any local saved search. Add mapping
Registry Keys For Creating Shim Databases Help
To successfully implement this search, you must populate the Change_Analysis data model. This is typically populated via endpoint detection and response products, such as Carbon Black or other endpoint data sources such as Sysmon. The data used for this search is typically generated via logs that report reads and writes to the registry.
Open in Search