Overview:
NeuShield Data Sentinel has a number of registry keys that may be useful for different use cases. The registry keys are primarily stored here:
HKEY_LOCAL_MACHINE\SOFTWARE\NeuShield\NeuShield Data Sentinel\
Registry Keys:
Client ID:
Name:
clientID
Type:
String Value (REG_SZ)
Description:
This registry key is to be used with the NeuShield SDK. It should not be modified. Requires build 1270 or newer.
Edition:
Name:
edition
Type:
String Value (REG_SZ)
Description:
Stores the NeuShield Data Sentinel edition. This registry key can be used to check which edition of NeuShield is installed. This registry key should not be modified. Requires build 1218 or newer.
Possible values for this are:
- Free
- Home
- Business
Export Objects:
Name:
exportObjects
Type:
String Value (REG_SZ)
Description:
This registry key does not exist by default. Adding this registry key will add two new options to the right-click menu in Windows Explorer. These new options are: 1) Export deleted files, and 2) Export engrams. This allows you to export deleted files that are stored in the NeuShield overlay and export Data Engrams that are stored in the NeuShield overlay.
The value of this registry can be empty (blank). If it is empty then when you export files from the overlay they will be exported to: "C:\Users\<username>\AppData\Local\NeuShield\Export\". Otherwise, you can change the value of this to a specific path. If the value of this registry key is a specific path then the files will be exported to this path.
This feature requires build 1226 or newer. For more details see: What should I do if I am hit with ransomware?
Install Dir:
Name:
installDir
Type:
String Value (REG_SZ)
Description:
Stores the folder path that NeuShield Data Sentinel was installed to. This registry key should not be modified.
Installed:
Name:
installed
Type:
DWORD (REG_DWORD)
Description:
Stores whether NeuShield Data Sentinel is installed or not. The value of this key is set to "1" for installed. This registry key should not be modified.
Overlay IO Mode:
Name:
overlayIoMode
Type:
DWORD (REG_DWORD)
Description:
This registry key does not exist by default. Adding this registry key will change the IO mode of the NeuShield overlay. Setting this to write-through ensures that data writes are preserved and is more reliable. Setting this to cached mode is faster but data could be lost if the system loses power before the data is written to disk. This feature requires build 1358 or newer.
Possible values for this are:
- 0 = Auto
- 1 = Force write-through
- 2 = Force cached
Pause Commit:
Name:
pauseCommit
Type:
DWORD (REG_DWORD)
Description:
This registry key does not exist by default. Adding this registry key will allow you to pause the scheduled commit cycle. This can be useful if don't want NeuShield to commit data from the overlay for some reason, such as the files have become ransomed or corrupted in some way. This feature requires build 1396 or newer.
Possible values for this are:
- 0 = Disabled
- 1 = Commits are paused
Comments
0 comments
Article is closed for comments.