Help with Procedure to create Reg Key

Good Morning

I have been trying to set a registry key for the currently logged-in user using the following procedure, and it doesn’t appear to be working. The procedure reports that it executed and completed successfully, but the reg key and value are not updated / created.


import os
import ctypes

Key = "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security"  # Registry key path
Sub_Key = "EnableRoamingFolderHomepages"  # Sub key (value name) of the registry key
Field = "REG_DWORD"  # Field (value type)
value = "2"  # Value required for Dynamics CRM Outlook plugin


class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)


with disable_file_system_redirection():
    output = os.popen('REG Add ' + Key + '/v' + Sub_Key + '/t' + Field + '/d' + value + ' /f').read()
    print(output)


Can anyone see what is wrong with this and why it won't work…

Hi @curatrix_pl

We will analyse and come back to you with a good result.

Thank you
@Aravind_pandi

Hi @curatrix_pl

Please follow the link below, which we have updated:

http://scripts.comodo.com/frontend/web/topic/set-registry-value

Thanks
Aravind.

Good Morning

Apologies for the delay in testing this.

I have updated my script and tested it on a test machine. The execution log shows as completed correctly, but it is still not creating the desired registry value.



import os
import ctypes

Key = "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security"
Sub_Key = "TEST"
Field = "REG_DWORD"
value = "2"


class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)


with disable_file_system_redirection():
    output = os.popen('REG Add ' + Key + ' /v ' + Sub_Key + ' /t ' + Field + ' /d ' + value + ' /f').read()
    print(output)
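
An added diagnostic example, not code from this thread or from the vendor's script library: it keeps the key path in a raw string (in a normal Python literal `\16` is an octal escape for character 0x0E), passes `reg add` an argument list instead of a concatenated string, and checks the exit code and stderr, which `os.popen(...).read()` does not return. It assumes Python 3.7+; the function names are hypothetical.

```python
import subprocess
import sys

# Raw string: in a normal literal "\16" is an octal escape (character 0x0E),
# so "...\Office\16.0\..." would silently name a different key.
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security"
ALLOWED_TYPES = {"REG_DWORD", "REG_SZ"}  # subset handled by this example


def build_reg_add(key, name, reg_type, data):
    """Return the reg.exe argument list for one value (nothing is executed)."""
    if reg_type not in ALLOWED_TYPES:
        raise ValueError("unsupported type: %r" % reg_type)
    if reg_type == "REG_DWORD" and not 0 <= int(data) <= 0xFFFFFFFF:
        raise ValueError("DWORD out of range: %r" % data)
    if any(ord(ch) < 32 for ch in key + name):
        raise ValueError("control character in key or value name")
    return ["reg", "add", key, "/v", name, "/t", reg_type, "/d", str(data), "/f"]


def build_reg_query(key, name):
    """Return the reg.exe argument list that reads the value back."""
    return ["reg", "query", key, "/v", name]


def run(argv):
    """Run a command; return (exit code, stdout, stderr) instead of stdout only."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip(), proc.stderr.strip()


def set_and_verify(key, name, reg_type, data):
    """Write the value, then read it back; False if either step failed."""
    code, out, err = run(build_reg_add(key, name, reg_type, data))
    if code != 0:
        print("reg add failed (%d): %s" % (code, err or out))
        return False
    code, out, err = run(build_reg_query(key, name))
    print(out or err)
    return code == 0 and name in out


if __name__ == "__main__" and sys.platform == "win32":
    # HKEY_CURRENT_USER is the hive of the account this process runs as.
    print(run(["whoami"])[1])
    ok = set_and_verify(KEY, "EnableRoamingFolderHomepages", "REG_DWORD", "2")
    sys.exit(0 if ok else 1)
```

The `whoami` line shows which account's `HKEY_CURRENT_USER` hive the write lands in, which is worth comparing with the logged-in user when the procedure is launched by an agent.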

Hello @curatrix_pl ,

Thanks for the feedback, we will analyze it again and we will get back to you as soon as possible.

Just as an update, the processrunner.exe is triggering a HIPS event on CES (for Access Memory).

Hello @curatrix_pl ,

That information is noted.
Thank you.

Hi @curatrix_pl

Could you please tell me exactly what kind of error you have faced? Is it not creating any reg value at all, or is it not creating exactly what you expected?

Sometimes you will have two “Office” paths under “HKEY_CURRENT_USER\Software\Microsoft\Office”. Kindly describe the error exactly so that we can make it succeed.

Thanks.

Hi @curatrix_pl

We have modified your script as per your request.
I have attached the json file
20180227-proc.json

Thank you.
