Forum Discussion
Deleted
Aug 12, 2024
How to delete a registry key
I would like to know if you have a way to remediate a malicious registry key with Defender XDR?
5 Replies
- Deleted: Hi guys, yes, I had a look through Live response and I found it really limited over time. I know I can create a PowerShell script and upload it through Live response, but it's not working super well.
  If we don't have the possibility to do it through Defender, that will be an important feature to add. And it's possible to undo a remediation for a registry key but not the opposite with Live response.
  - Deleted: Hi, yes, I too still find it limiting; that's why, if I have to get my hands on the registry, I deploy through Intune.
- rahuljindal (Bronze Contributor): Have you looked at Live response in Defender XDR? https://learn.microsoft.com/en-us/defender-endpoint/live-response-command-examples#run
- Hi, you can create a script in PowerShell and deploy it via Intune to modify or delete registry keys; if you have the right licenses you can also use proactive remedies.
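- ```powershell
  # Provide registry key path
  $regPath = "HKLM:\Software\Adobe"

  # Check if the registry key exists
  if (Test-Path -Path $regPath) {
      try {
          # -Recurse removes subkeys without a confirmation prompt;
          # -ErrorAction Stop turns failures into terminating errors so the catch block runs
          Remove-Item -Path $regPath -Recurse -Force -ErrorAction Stop
          Write-Host "Registry key $regPath deleted."
      }
      catch {
          Write-Error $_
      }
  }
  else {
      Write-Host "Registry key $regPath does not exist."
  }
  ```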
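The Intune route mentioned in the replies, as an added example (not code from any poster in this thread): one script that serves as both the detection and the remediation half of an Intune remediation and exports the key before deleting it, so the removal can be reversed and the key's content is kept for analysis. The registry path, the `$Mode` switch and the function names `Test-TargetKey` and `Backup-TargetKey` are assumptions made for illustration.

```powershell
# Added example. Upload one copy with $Mode = 'Detect' as the detection script
# and one copy with $Mode = 'Remediate' as the remediation script.
$Mode    = 'Detect'
$RegPath = 'HKLM:\Software\Contoso\PlaceholderKey'   # placeholder path, replace with the key to remove

# Hypothetical helper: true when the key is still on the device
function Test-TargetKey {
    Test-Path -LiteralPath $RegPath
}

# Hypothetical helper: export the key to a .reg file before it is deleted
function Backup-TargetKey {
    $native = $RegPath -replace '^HKLM:\\', 'HKEY_LOCAL_MACHINE\'
    $file   = Join-Path $env:ProgramData ("RegBackup_{0:yyyyMMdd_HHmmss}.reg" -f (Get-Date))
    & reg.exe export $native $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    return $file
}

try {
    if (-not (Test-TargetKey)) {
        Write-Output "Compliant: $RegPath is not present."
        exit 0
    }

    if ($Mode -eq 'Detect') {
        Write-Output "Non-compliant: $RegPath is present."
        exit 1    # exit code 1 from detection makes Intune run the remediation script
    }

    $backup = Backup-TargetKey
    Remove-Item -LiteralPath $RegPath -Recurse -Force -ErrorAction Stop

    # Verify instead of assuming the delete worked
    if (Test-TargetKey) { throw "Key is still present after removal." }

    Write-Output "Removed $RegPath (backup: $backup)."
    exit 0
}
catch {
    Write-Output "Failed: $($_.Exception.Message)"
    exit 1        # non-zero exit is reported as a failure in Intune
}
```

Enable the "Run script in 64-bit PowerShell" setting when deploying; in a 32-bit host, `HKLM:\Software` is redirected to `WOW6432Node` and the script would inspect the wrong key.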