Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing tasks

Creating a registry key retrieval task

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
FAQ Download Forum Contact support Recovery tools

Creating a registry key retrieval task

8 November 2023

ID 247372

You can retrieve a registry key from selected hosts with the Endpoint Agent component. To do so, you must create a registry key retrieval task.

To create a registry key retrieval task:

  1. Select the Tasks section in the application web interface window.

    This opens the task table.

  2. Click the Add button and select Registry key in the Get data drop-down list.

    This opens the task creation window.

  3. Configure the following settings:
    1. Registry key is the registry key that you want to get.

      You can enter the registry key in one of the following formats:

      • Relative to the root key.

        For example, \REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator.

      • Relative with full name of the root key.

        For example, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator.

      • Relative with an abbreviation instead of the full name of the root key.

        For example, HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator.

      If you want to get data from HKEY_CURRENT_USER, you must specify HKEY_USERS and the SID of the user: HKEY_USERS\<SID of the user>.

    2. Description is the task description. This field is optional.
    3. In the Hosts field, enter the name or IP address of the host to which you want to assign the task.

      You can specify multiple hosts.

      If you are using Kaspersky Endpoint Agent in the role of the Endpoint Agent component, the registry key retrieval task can be assigned only to hosts running Kaspersky Endpoint Agent for Windows version 3.13 and later.

  4. Click Add.

The registry key retrieval task is created. The task runs automatically after it is created.

As a result of the task, the application places a ZIP archive in Storage; the archive contains a .reg file, which contains a list of all registry keys and values under the key that was specified when creating the task. You can download the archive to your local computer.

If the task results in an error, the archive file contains the description of the error.

Users with the Security auditor role cannot create this task.

Users with the Security officer role do not have access to tasks.

See also

Managing tasks

Viewing the task table

Viewing information about a task

Creating a get file task

Creating a forensic collection task

Creating an NTFS metafile retrieval task

Creating a process memory dump retrieval task

Creating a disk image retrieval task

Creating a RAM dump retrieval task

Creating a process termination task

Creating a task to scan hosts using YARA rules

Creating a service management task

Creating an application execution task

Creating a file deletion task

Creating a file quarantine task

Creating a quarantined file recovery task

Creating a copy of a task

Deleting tasks

Filtering tasks by creation time

Filtering tasks by type

Filtering tasks by name

Filtering tasks by file name and path

Filtering tasks by description

Filtering tasks by server name

Filtering tasks based on the name of the user that created the task

Filtering tasks by processing status

Clearing a task filter

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.