Delete reg value works in cmd.exe but not BF

(imported topic written by mmcgrew91)

I’m trying to delete a reg value. It works when I run the .reg file that is created by my actionscript manually, but not through BigFix. I’ve tested it in the fixlet debugger, and it returns the error “The system was unable to find the specified registry key or value”. But it works when I run it in the command line manually! Here are both ways I’m trying it.

// clear previously used files

delete __appendfile

delete delete_key.reg

// create .reg file

appendfile Windows Registry Editor Version 5.00

appendfile

appendfile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

appendfile "Windows Defender"=-

move __appendfile delete_key.reg

// run .reg file

wait regedit /s delete_key.reg

and

waithidden cmd.exe /c REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Defender" /f

Again, if I just run the REG DELETE command in a prompt it works fine, but through the relevance debugger it does not work.

Thanks

(imported comment written by BenKus)

I can’t see any good reason at a glance why that won’t work…

You might try this syntax:

regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "Windows Defender"

Ben

(imported comment written by mmcgrew91)

Still not deleting it.

q: exists value "Windows Defender" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" of native registry

A: True

T: 17.293 ms

regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" "Windows Defender"

STATUS: Running action…

  • Result —

Evaluation completed successfully!

q: exists value "Windows Defender" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" of native registry

A: True

T: 0.149 ms

(imported comment written by NoahSalzman)

Are you just trying in the Debugger or have you also tried by running a real action via the Console?

(The debugger is not guaranteed to be 100% equivalent to running a real action in the Console.)

(imported comment written by mmcgrew91)

The action success is dependent on the relevance returning false:

relevance: exists value "Windows Defender" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" of native registry

action: regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" "Windows Defender"

results:

The action failed.

This action has been applied 1 time and will not be applied again.

Status Failed

Action Script Execution Detail

Failed regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" "Windows Defender"

The way I understand it is that this should run as administrator by default. Is this the case, or would I need to specify this to run with admin privs?