Additional Registry Keys

You can also add or modify the following keys and values to change the way CA Access Control performs:

Registry Entry

Type

Description

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableFileInterception

REG_DWORD

Specifies whether file interception hooking is disabled (relevant functions are not initialized at boot time).

Value: 1 (disabled)

Note: If this registry entry does not exist (the default), or is set to any value other than 1, file interception is initialized at boot time.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableNetworkInterception

REG_DWORD

Specifies whether network interception hooking is disabled (relevant functions are not initialized at boot time).

Value: 1 (disabled)

Note: If this registry entry does not exist (the default), or is set to any value other than 1, network interception is initialized at boot time.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableProcessInterception

REG_DWORD

Specifies whether process interception hooking is disabled (relevant functions are not initialized at boot time).

Value: 1 (disabled)

Note: If this registry entry does not exist (the default), or is set to any value other than 1, process interception is initialized at boot time.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableRegistryInterception

REG_DWORD

Specifies whether registry interception hooking is disabled (relevant functions are not initialized at boot time).

Value: 1 (disabled)

Note: If this registry entry does not exist (the default), or is set to any value other than 1, registry interception is initialized at boot time.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeosDrv\Parameters\KernelBuffersSize

REG_DWORD

When the CA Access Control kernel driver (seosdrv.sys) starts, by default it allocates memory for its internal use according to the following formula:

number_of_buffers = amount_of_RAM (in MB)

For example, 256 buffers are allocated for 256 MB of RAM. Each buffer is 4096 bytes long.

If you want to control the number of buffers that seosdrv.sys allocates, create this registry entry and set the value to the number of buffers to allocate.

Note: 32 is the minimum number of buffers.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SeosDrv\EventMessageFile

REG_EXPAND_SZ

Defines the pathname to the seosdrv.sys driver.

Default: %SystemRoot%\System32\drivers\seosdrv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SeosDrv\TypesSupported

REG_DWORD

A standard Windows entry that defines the bitmask of supported event types.

Default: 7

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cainstrm\parameters\DllScanList

REG_SZ

Defines a comma-separated list of DLLs (by name) that trigger injection by cainstrm.sys.

Default: No default

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cainstrm\parameters\DllScanListRefreshPeriod

REG_DWORD

Defines the interval, in seconds, for scanning the cainstrm registry entry.

Default: 600

HKEY_LOCAL_MACHINE\System\CCS\Services\Cainstrm\parameters\ExcludeProcess

REG_MULTI_SZ

Specifies processes by name to be excluded from native instrumentation by the driver.

Default: none
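
The following PowerShell is an added example, not part of the CA Access Control documentation: a read-only check that reports the four drveng interception entries and KernelBuffersSize listed above, applying the rules from their notes (only the value 1 disables a hook; 32 is the minimum buffer count). The helper name Get-RegValue is hypothetical; the key paths and value names are the ones in the table.

```powershell
# Added audit example. Reads only; changes nothing in the registry.
$drveng  = 'HKLM:\SYSTEM\CurrentControlSet\Services\drveng\Parameters'
$seosdrv = 'HKLM:\SYSTEM\CurrentControlSet\Services\SeosDrv\Parameters'
$hooks   = 'File', 'Network', 'Process', 'Registry'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = foreach ($hook in $hooks) {
    $name  = "Disable${hook}Interception"
    $value = Get-RegValue -Path $drveng -Name $name
    [pscustomobject]@{
        Entry        = $name
        Value        = if ($null -eq $value) { '(not set)' } else { $value }
        # Only the value 1 disables the hook; a missing entry or any
        # other value means interception is initialized at boot time.
        Interception = if ($value -eq 1) { 'DISABLED' } else { 'initialized at boot' }
    }
}
$report | Format-Table -AutoSize

# Surface any disabled hook so it can be matched against an approved change.
$disabled = @($report | Where-Object Interception -eq 'DISABLED')
if ($disabled.Count -gt 0) {
    Write-Warning ("Interception disabled for: " + ($disabled.Entry -join ', '))
}

# KernelBuffersSize: each buffer is 4096 bytes; 32 is the documented minimum.
$buffers = Get-RegValue -Path $seosdrv -Name 'KernelBuffersSize'
if ($null -eq $buffers) {
    'KernelBuffersSize: not set, the driver uses its default formula'
} elseif ($buffers -lt 32) {
    Write-Warning "KernelBuffersSize=$buffers is below the documented minimum of 32"
} else {
    "KernelBuffersSize: $buffers buffers of 4096 bytes = $($buffers * 4096 / 1MB) MB"
}
```

Because these entries are read at boot time, a value of 1 found here describes the next boot as well as, possibly, the current one; compare the key's last-write time with the last boot time when that distinction matters.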