Hello,
We are using ERA 6.7 and Endpoint security Client for our windows pc users.
We have created a rule in HIPS to block users from deleting , modifying or changing the value of a particular key, which works fine.
The Key is : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastuserSwitching
However, when we are trying to achieve similar result for another key, its not working, .i.e. user is able to delete or modify the key !
The Key is : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
The Key is : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
The reason for blocking the keys are, we want to restrict users from performing :
1. Disable Fast User Switching ( working fine with disabling in registry and HIPS rule monitoring to deny any change)
2. Disable Win + R i.e. show RUN for the user/system (working fine with disabling in registry BUT HIPS rule doesn't work)
3. Disable Right Click Properties option (working fine with disabling in registry BUT HIPS rule doesn't work)
Do let us know if we are doing something wrong and help us in resolving the issue.
Thanks,
Tariq