RegyChange
Looks wether the given registry value has another value then the given one.
Usage
RegyChange:<description>,<rootkey>,<keypath>,<value=data>[,advanced registry parameters]
Examples
RegyChange:"Last used directory",HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\","Save Directory="
Description
This command checks whether a specified value has known data, to be able to correct that data back to the known one should it have been changed.
- First, a description. Using a description template instead of plain text is recommended so that the user will receive a localized version.
- The root key, where HKEY_CURRENT_USER stands for all users actually.
- The path to the value, starting with a backslash. AP PT
- An entry that is used to assign new data to a value. You can use a simple value=newdata; or for numeric values, value=dword:0815. Binary is possible as well. Algo-Prefixes are allowed for both value name and text data here. AP
- This field supports advanced registry parameters, to be able to use another value as an additional criterion.
You should keep in mind that even system registry values may differ between Windows versions.
Scan Results
- A special result that allows to change the value back to the known data upon fixing.