• how to monitor certain registry keys?

    From T@T@invalid.invalid to alt.comp.os.windows-11 on Thu Oct 2 11:48:36 2025
    From Newsgroup: alt.comp.os.windows-11

    Any of you guys know of a utility that will monitor
    particular registry keys for changes/additions?

    An eMail notification would be nice.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Thu Oct 2 15:51:30 2025

    On Thu, 10/2/2025 2:48 PM, T wrote:
    > Any of you guys know of a utility that will monitor
    > particular registry keys for changes/additions?
    >
    > An eMail notification would be nice.

    Since Process Monitor from Sysinternals, can log changes to
    the Registry, the ETW subsystem makes it easier to detect
    that sort of activity. I don't know if any malware can
    break ETW as part of its attack sequence though.

    Someone could build a tool based on that subsystem, so I
    would say yes, it's technically possible to do something
    along the lines of what you want.

    This isn't a complete solution. It's more like a directory
    listing of the registry "file" entries (keys). The Registry
    is considered to be a kind of "file system", rather than a
    database. It can accept arbitrary binary blobs, such as
    a 250KB binary item could be deposited in there, as a bar bet.

    https://www.bleepingcomputer.com/news/microsoft/microsoft-powershell-lets-you-track-windows-registry-changes/

    If you're comparing "Value" of items, be prepared for
    unlimited blob size in your design :-)

    Paul
  • From T@T@invalid.invalid to alt.comp.os.windows-11 on Fri Oct 3 00:20:29 2025

    On 10/2/25 12:51 PM, Paul wrote:
    > On Thu, 10/2/2025 2:48 PM, T wrote:
    > > Any of you guys know of a utility that will monitor
    > > particular registry keys for changes/additions?
    > >
    > > An eMail notification would be nice.
    >
    > Since Process Monitor from Sysinternals, can log changes to
    > the Registry, the ETW subsystem makes it easier to detect
    > that sort of activity. I don't know if any malware can
    > break ETW as part of its attack sequence though.
    >
    > Someone could build a tool based on that subsystem, so I
    > would say yes, it's technically possible to do something
    > along the lines of what you want.
    >
    > This isn't a complete solution. It's more like a directory
    > listing of the registry "file" entries (keys). The Registry
    > is considered to be a kind of "file system", rather than a
    > database. It can accept arbitrary binary blobs, such as
    > a 250KB binary item could be deposited in there, as a bar bet.
    >
    > https://www.bleepingcomputer.com/news/microsoft/microsoft-powershell-lets-you-track-windows-registry-changes/
    >
    > If you're comparing "Value" of items, be prepared for
    > unlimited blob size in your design :-)
    >
    > Paul


    You know, I think I could write it myself:

    reg query
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth REG_EXPAND_SZ %windir%\system32\SecurityHealthSystray.exe
    egui REG_SZ "C:\Program Files\ESET\ESET Security\ecmds.exe"
    /run /hide /proxy
    Open-Shell Start Menu REG_SZ "C:\Program Files\Open-Shell\StartMenu.exe" -autorun
    Cobian Reflector REG_SZ "C:\Program Files\Cobian Reflector\Cobian.Reflector.Application.exe"


    set the task manager to run every xxx minutes
    compare the last read to the current read
    if different, eMail both

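The plan T sketches above (query the Run key, compare the last read with the current one, mail when they differ) as a working PowerShell script. This is an added example, not code posted in the thread or taken from the linked article; it also covers Paul's "unlimited blob size" warning by storing a SHA-256 digest of each value instead of the value itself. The SMTP relay, sender and recipient addresses, and the state-file location are placeholders you would replace.

```powershell
# Added example (not from the thread): snapshot-and-diff monitor for a registry key.
# Assumptions: a writable state directory and an SMTP relay you control
# (the *.example.invalid names below are placeholders).
param(
    [string]$KeyPath    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    [string]$StateFile  = "$env:ProgramData\RegWatch\run-key.json",
    [string]$SmtpServer = 'smtp.example.invalid',     # placeholder
    [string]$MailFrom   = 'regwatch@example.invalid', # placeholder
    [string]$MailTo     = 'admin@example.invalid'     # placeholder
)

function Get-RegistrySnapshot {
    # Walks the key and its subkeys (like `reg query /s`) and returns a hashtable
    # keyed "<key>::<valuename>" -> @{ Kind; Hash; Preview }.
    param([string]$Path)
    $snap = @{}
    $keys = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            $kind = $k.GetValueKind($name)
            # DoNotExpandEnvironmentNames keeps REG_EXPAND_SZ as written (%windir%...),
            # so a change in the environment does not look like a change in the key.
            $raw  = $k.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            switch ("$kind") {
                'Binary'      { $bytes = [byte[]]$raw; $preview = "<binary, $($bytes.Length) bytes>" }
                'MultiString' { $text = ($raw -join '|'); $bytes = [Text.Encoding]::UTF8.GetBytes($text); $preview = $text }
                default       { $text = [string]$raw;    $bytes = [Text.Encoding]::UTF8.GetBytes($text); $preview = $text }
            }
            # Store a digest rather than the value: a 250 KB blob costs 64 hex characters.
            $hash = ([BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
            if ($preview.Length -gt 120) { $preview = $preview.Substring(0, 120) + '...' }
            $snap["$($k.Name)::$name"] = @{ Kind = "$kind"; Hash = $hash; Preview = $preview }
        }
    }
    return $snap
}

function Import-Snapshot {
    # Loads the previous snapshot (JSON) back into the same hashtable shape.
    param([string]$Path)
    $snap = @{}
    if (Test-Path -LiteralPath $Path) {
        $obj = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
        foreach ($p in $obj.PSObject.Properties) {
            $snap[$p.Name] = @{ Kind = $p.Value.Kind; Hash = $p.Value.Hash; Preview = $p.Value.Preview }
        }
    }
    return $snap
}

function Compare-Snapshot {
    # Reports added, removed and changed values between two snapshots.
    param([hashtable]$Old, [hashtable]$New)
    $changes = @()
    foreach ($id in $New.Keys) {
        if (-not $Old.ContainsKey($id)) {
            $changes += "ADDED   $id = $($New[$id].Preview)"
        } elseif ($Old[$id].Hash -ne $New[$id].Hash) {
            $changes += "CHANGED $id : $($Old[$id].Preview) -> $($New[$id].Preview)"
        }
    }
    foreach ($id in $Old.Keys) {
        if (-not $New.ContainsKey($id)) { $changes += "REMOVED $id = $($Old[$id].Preview)" }
    }
    return ,$changes
}

$previous = Import-Snapshot -Path $StateFile
$current  = Get-RegistrySnapshot -Path $KeyPath

New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
$current | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $StateFile

if ($previous.Count -eq 0) { Write-Host "Baseline saved to $StateFile"; exit 0 }

$changes = Compare-Snapshot -Old $previous -New $current
if ($changes.Count -eq 0) { Write-Host "No changes under $KeyPath"; exit 0 }

# Mail "both": the diff plus the full current listing, as T asked for.
$body = @("Changes detected under $KeyPath at $(Get-Date -Format o):", '') + $changes +
        @('', 'Current contents:') +
        ($current.GetEnumerator() | Sort-Object Key | ForEach-Object {
            "  $($_.Key) [$($_.Value.Kind)] = $($_.Value.Preview)" })
$body | Write-Host
# Send-MailMessage is flagged obsolete in newer PowerShell but still ships; any mail client works here.
Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
    -Subject "Registry change: $KeyPath" -Body ($body -join "`n")
```

The first run only writes the baseline; every later run diffs against it and rewrites it. To run it every fifteen minutes from Task Scheduler, register it with something like schtasks /Create /SC MINUTE /MO 15 /TN RegWatch /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Tools\Watch-RunKey.ps1" (path and task name are placeholders). Because the state file is what the comparison trusts, keep it somewhere only administrators can write; otherwise anyone who can edit it can make a change disappear from the report.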
  • From Allan Higdon@allanh@vivaldi.net to alt.comp.os.windows-11 on Fri Oct 3 07:17:03 2025

    On Thu, 02 Oct 2025 13:48:36 -0500, T <T@invalid.invalid> wrote:

    > Any of you guys know of a utility that will monitor
    > particular registry keys for changes/additions?
    >
    > An eMail notification would be nice.


    MJ Registry Watcher
    https://www.jacobsm.com/mjsoft.htm#rgwtchr
  • From T@T@invalid.invalid to alt.comp.os.windows-11 on Fri Oct 3 20:03:30 2025

    On 10/3/25 5:17 AM, Allan Higdon wrote:
    > On Thu, 02 Oct 2025 13:48:36 -0500, T <T@invalid.invalid> wrote:
    >
    > > Any of you guys know of a utility that will monitor
    > > particular registry keys for changes/additions?
    > >
    > > An eMail notification would be nice.
    >
    > MJ Registry Watcher
    > https://www.jacobsm.com/mjsoft.htm#rgwtchr

    Thank you!