Enable or Disable Registry Protection Settings on the Endpoint

To prevent attackers from tampering with the Traps registry keys, use the
cytool protect enable registry
command to restrict access to the registry keys stored in HKLM\SYSTEM\Cyvera. To disable protection of the registry keys, use the
cytool protect disable registry
command.
Making changes to the registry protection settings requires you to enter the supervisor (uninstall) password when prompted.
  1. Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
  2. To manage the protection settings of registry keys on the endpoint, use the following command:
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect [enable|disable] registry
    The following example displays output for enabling protection of registry keys. The
    Mode
    column displays the revised protection status, either
    Enabled
    or
    Disabled
    , or
    Policy
    when using the settings in the local security policy to protect registry keys.
    C:\Program Files\Palo Alto Networks\Traps>
    cytool protect enable registry
    Enter supervisor password: Protection Mode State Process Policy Disabled Registry Enabled Enabled File Policy Disabled Service Policy Disabled
    To use the settings in the local security policy to protect registry keys on the endpoint, see Use the Security Policy to Manage Service Protection.

Related Documentation