Endpoint Administration Guide for Windows › General Security Features › Disable CA Access Control Kernel Interceptions

Disable CA Access Control Kernel Interceptions

You can disable the following CA Access Control interceptions at the kernel level:

• network interception
• process interception
• registry interception
• file interception

Even when the network, process, registry, and file classes are disabled and you are not using those classes to intercept kernel activity, the network, process, registry, and file interception processing code is initiated at boot time and working at run time, affecting performance. To improve performance, you can disable one or more interceptions from initiating at boot time.

To disable CA Access Control interceptions at the kernel level

1. Create one or more of the following registry entries of type REG_DWORD and set the value of one or more entries to 1.
   • DisableNetworkInterception—disables network interception
   • DisableProcessInterception—disables process interception
   • DisableRegistryInterception—disables registry interception
   • DisableFileInterception—disables file interception

   The entries must be created under the following registry key:

   HKLM\SYSTEM\CurrentControlSet\Services\drveng\Parameters
   

2. Reboot the computer.

   CA Access Control reloads without initializing the disabled interception types.