Tests Help
Security Settings – Windows
A-32
Windows Startup Registry Entries Allowed
Description
This test verifies that the endpoint attempting to connect to your system does
not contain non-compliant registry entries in the run and runOnce Windows
registry keys.
Test Properties
Enter a list of registry key and values that are allowed in the run and runOnce
Windows registry keys. If the endpoint has any other values in those keys, the
test will fail. Separate entries by semicolons in the format <key> or
<key>::<value>.
For example:
updater::C:\Program Files\Common files\Updater\wupdater.exe
will allow Windows update to run on startup.
How Does this Affect Me?
The Microsoft Windows Registry contains information that Windows uses
during normal operations, including system options, property settings, appli-
cations installed, types of documents each application can create, ports used,
and so on. Information is stored in keys, such as run and runOnce. The run
and runOnce keys cause programs to run automatically. Many worms and
viruses are started by a call from the Windows Registry. If you limit what can
start up when you log in, you can reduce the potential for worms and viruses
to run on your system.
The following links provide a description of the Microsoft Windows Registry
and the Run keys:
■
http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986
http://support.microsoft.com/default.aspx?scid=http://
■
support.microsoft.com:80/support/kb/articles/q137/3/67.asp&NoWe-
bContent=1
■
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314866
■
http://www.winguides.com/registry/