You can also add or modify the following keys and values to change the way CA ControlMinder performs:
|
Registry Entry |
Type |
Description |
|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableFileInterception |
REG_DWORD |
Specifies whether the file interception hooking is disabled (relevant functions are not initialized at boot time). Value: 1 (disabled) Note: If this registry entry does not exist (the default), or is set to any value other than 1, file interception is initialized at boot time. |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableNetworkInterception |
REG_DWORD |
Specifies whether network interception hooking is disabled (relevant functions are not initialized at boot time). Value: 1 (disabled) Note: If this registry entry does not exist (the default), or is set to any value other than 1, network interception is initialized at boot time. |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableProcessInterception |
REG_DWORD |
Specifies whether process interception hooking is disabled (relevant functions are not initialized at boot time). Value: 1 (disabled) Note: If this registry entry does not exist (the default), or is set to any value other than 1, process interception is initialized at boot time. |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters\DisableRegistryInterception |
REG_DWORD |
Specifies whether the registry interception hooking is disabled (relevant functions are not initialized at boot time). Value: 1 (disabled) Note: If this registry entry does not exist (the default), or is set to any value other than 1, registry interception is initialized at boot time. |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeosDrv\Parameters\KernelBuffersSize |
REG_DWORD |
When the CA ControlMinder kernel driver (seosdrv.sys) starts, it allocates, by default, memory for its internal use, according to the following formula: number_of_buffers = amount_of_RAM For example, 256 buffers are allocated for 256 MB of RAM. Each buffer is 4096 bytes long. If you want to control the number of buffers that seos.drv allocates, create this registry key and set the value to the number of buffers to allocate. Note: 32 is the minimum number of buffers. |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SeosDrv\EventMessageFile |
REG_EXPAND_SZ |
Defines the pathname to the seosdrv.sys driver. Default: %SystemRoot%\System32\drivers\seosdrv.sys |
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SeosDrv\TypesSupported |
REG_DWORD |
A standard Windows entry that defines the bitmask of supported event types. Default: 7 |
|
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cainstrm\parameters\DllScanList |
REG_SZ |
Defines a list of comma-separated DLLs (by name) that trigger injection by cainstrm.sys Default: No default |
|
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cainstrm\parameters\DllScanListRefreshPeriod |
REG_DWORD |
Defines the interval, in seconds, for scanning the cainstrm registry entry. Default: 600 |
|
HKEY_LOCAL_MACHINE\System\CCS\Services\Cainstrm\parameters\ExcludeProcess |
REG_MULTI_SZ |
Specifies processes by name to be excluded from native instrumentation by the driver. Default: none |
|
HKEY_LOCAL_MACHINE\SYSTEM\CCS\Services\Cainstrm\Parameters |
REG_DWORD |
Specifies the CA ControlMinder low-level instrumentation policy towards .Net assemblies. Default: 1 (1 implies that the instrumentation of .Net assemblies is enabled). |
|
HKLM\SYSTEM\CurrentControlSet\Services\cainstrm\Parameters\DotNetOperationMode |
REG_DWORD |
Defines the CA ControlMinder low-level instrumentation policy toward .Net assemblies.). Default: 1 (1 enables the instrumentation of .Net assemblies. Any value different from 1 disables the instrumentation of .Net assemblies). |
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|