Suspicious Changes To File Associations

Description

This search looks for changes to registry values that control Windows file associations, executed by a process that is not typical for legitimate, routine changes to this area.

   Help

Suspicious Changes To File Associations Help

To successfully implement this search you need to be ingesting information on registry changes that include the name of the process responsible for the changes from your endpoints into the Endpoint datamodel in the Processes and Registry nodes.

   Search

Open in Search