I’m trying to see if I can block an application from creating a registry key. This one is a shell extension that shows up when I right-click on the desktop and select the New submenu. I don’t care about their document type and don’t want to see it listed as an option to select what type of new document that I’ll be creating. I will only use their program when loaded to load their files.
I can go into the following key to delete their entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes<docname>
So I go into CFP v3 under Defense+, Advanced, Computer Security Policy. Then I get the joy of scrolling through hundreds of entries (several times back and forth) trying to find the one for their executable. Once I find it, I edit its Custom policy. I select to see its Access Rights. Under “Protected Registry Keys” (set to Ask), I modify it to block any entries under:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes*
The * was added by CFP when I browsed their tree to that key. Seems it should be …\Classes* but that’s their choice for wildcarding. I “Apply” my way out. I then start the application. Nope, no error from the app about creating the registry entry. Why? Because the registry key got created, so the block by CFP’s Defense+ never worked to block this app from writing a subkey under that key.
So how do I get Defense+ so its custom policies on blocked registry keys to actually work?