Malware can utilize a variety of registry locations to achieve persistence, including the popular HKLM\Software\Microsoft\Windows\CurrentVersion\Run path which is designed to automatically start applications when a user logs on, usually apps you find in the system tray. |
Unfortunately, the Windows registry includes dozens of registry paths where applications can register themselves, and changes made there often remain undetected.
EventSentry Benefits |
||
Autorun Monitoring EventSentry monitors multiple registry and file locations where applications can be registered to automatically start after a user logs on. Changes to these locations are detected in real-time for further investigation. |
||
|