Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Need clarification on registry value filter in collections



Ok first, here is a collection I'm setting up:

I want to test the value of the "DisabledByDefault" entry directly under the key above (HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client) 

The registry path above is tested for it's presence. But from my understanding the testing of "DisabledByDefault" is for it's presence anywhere in the scanned registry, not specify under that key... correct?

That "DisabledByDefault" entry is possibly under many various subkeys of HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ so testing for it's presence under a specific key is important here!

Is that accurate or am I getting it wrong?
My registry scanner is set to scan HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\**\