(imported topic written by SecurityMG)
Hello,
Another odd result. I am now thinking something changed in version 9 that broke this. This works on Workstations, but not servers.
(names of values of it, values of it) of it of key “runonce” of keys “HKLM\software\microsoft\windows\currentversion” of registry
(names of values of it, values of it) of it of key “runonce” of keys “HKLM\software\microsoft\windows\currentversion” of native registry
(names of values of it, values of it) of it of key “runonce” of keys “HKLM\software\microsoft\windows\currentversion” of x64 registry
This does work on servers:
if (exists key “HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce” of native registry) then names of values whose (name of it is not contained by set of (“whatever”)) of key “HKLM\software\microsoft\windows\currentversion\RunOnce” of native registry else “No Key”
But I can’t get it to work with the data of value inside the Run or Runonce entry on 64bit Windows servers.
if (exists key “HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce” of native registry) then names of values whose (name of it is not contained by set of (“whatever”)) of key “HKLM\software\microsoft\windows\currentversion\RunOnce” of native registry else “No Key”
I think it is a bug !
Basically I need to query keys for the ‘value(s)’ within the name of the entries and ‘last write time of it’ and have have ‘not contained by set of “”’ in order to exclude known good stuff.
Thanks,
MG
MG