Registry Layout

The root key for ABPA-related information is HKEY_LOCAL_MACHINE\SOFTWARE\Huji\Abpa

DataCollector subkey
  • Config
    • Collector
      • Applications
EnableMonitoring: if set to 1, ABPA will be active; otherwise it will not
Applications: regex filters on the names of processes that should be monitored (separated by ;)
AppSelection: one of the following values: "ListOnly" - only processes matching a regex in Applications; "AllExcept" - all applications except those matching one of the regexes; "All" - monitor all processes.
  • Output
Location: the folder to create output files in
  • DataTypes
Set a value of 1 (on) or 0 (off) for each of the following event types:
FileEvents
ThreadEvents
NetworkEvents
SyncEvents
VirMemEvents
WindowEvents
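
The following is an added example, not ABPA's own code: it evaluates the EnableMonitoring, Applications and AppSelection values described above against a list of process names, so a proposed configuration can be checked for processes that would go unmonitored. Case-insensitive, whole-name regex matching and the function names are assumptions; the page does not specify how ABPA applies the filters.

```python
import re

VALID_MODES = ("ListOnly", "AllExcept", "All")


def parse_filters(applications):
    """Split the ';'-separated Applications value into compiled regexes.

    Empty entries (for example from a trailing ';') are dropped.
    Assumption: matching is case-insensitive, as Windows image names are.
    """
    parts = [p.strip() for p in applications.split(";")]
    return [re.compile(p, re.IGNORECASE) for p in parts if p]


def is_monitored(process_name, enable_monitoring, applications, app_selection):
    """Return True if the process would be monitored under these settings."""
    if enable_monitoring != 1:
        return False  # any value other than 1 leaves monitoring inactive
    if app_selection not in VALID_MODES:
        raise ValueError("unknown AppSelection value: %r" % (app_selection,))
    if app_selection == "All":
        return True
    # Assumption: a filter must match the whole process name.
    matched = any(rx.fullmatch(process_name)
                  for rx in parse_filters(applications))
    return matched if app_selection == "ListOnly" else not matched


def unmonitored(process_names, enable_monitoring, applications, app_selection):
    """List the processes that the settings leave without monitoring."""
    return [name for name in process_names
            if not is_monitored(name, enable_monitoring,
                                applications, app_selection)]


# Constructed sample data, not taken from a real ABPA installation.
SAMPLE_PROCESSES = ["winword.exe", "EXCEL.EXE", "notepad.exe", "svchost.exe"]
SAMPLE_FILTERS = r"winword\.exe;excel\.exe;"

if __name__ == "__main__":
    for mode in VALID_MODES:
        gaps = unmonitored(SAMPLE_PROCESSES, 1, SAMPLE_FILTERS, mode)
        print(mode, "-> not monitored:", gaps)
```
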


Last edited Aug 11, 2008 at 10:35 AM by migo, version 4
