I know it is possible to configure the agent to scan for a custom registry key, but if you add the Registry node to the snowagent.config file then you must manually add all the default registry scan paths too. This is because adding a Registry node overrides the agent scan of all default nodes (for some strange reason). I'm not comfortable doing this, and we do not have the full list of default registry paths that are scanned anyway. Perhaps Snow should publish this list. Without it, the Registry node cannot be added to the agent's config.
Has anyone managed to successfully customise their agents to scan for a specific registry path?
I would like to do this because I need to create an application detection rule that includes, in part, the operating system. The only reliable source of Operating System name is: HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProductName which the agent does not scan by default. I personally feel this key should be one of the default locations.
Thanks for any suggestions.
agent configuration #registry scanning