Hello, I use the currently latest version of CIS.
I wish to ask: The notification pop-up about apps attempting to modify protected registry keys - does really CIS “see” that the app is trying to ALTER something in that key or is it possible that the app is only READING something from that key?
This is important, for example, regarding digital certificates stores in the registry - it looks legit for me for an app to READ from these keys to verify crystallographic related stuff, but sure it will not be legit to change stuff there.
What do you say?