Suspicious Changes To File Associations
This search looks for changes to registry values that control Windows file associations, executed by a process that is not typical for legitimate, routine changes to this area.
This content is not mapped to any local saved search. Add mapping
Suspicious Changes To File Associations Help
To successfully implement this search you need to be ingesting information on registry changes that include the name of the process responsible for the changes from your endpoints into the
Open in Search