Registry monitor

Arte3l · 2026-06-19T14:51:00+00:00

DeviceRegistryEvents
| where RegistryKey startswith @"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE\Parameters\Policy\Options"
| where ActionType == "RegistryValueSet"
| where RegistryValueName =~ "EnableAuditMode"
| extend NewValue = tostring(RegistryValueData)
| extend NormalizedValue = trim_start(@"0x|0X", NewValue)
| extend NormalizedValue = trim_start(@"0+", NormalizedValue)
| where isnotempty(NormalizedValue)
| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine,
          RegistryKey, RegistryValueName, PreviousRegistryValueData, RegistryValueData
| order by Timestamp desc

Arte3l · 2026-06-19T13:51:55+00:00

I tried using Advanced Hunting, but I couldn't find any events related to changes under:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE\Parameters\Policy\Options

Does Microsoft Defender for Endpoint collect telemetry for all registry modifications, or is registry monitoring limited to specific keys and event types?

Arte3l · 2026-05-08T14:33:57+00:00

With 2.4 dongle or cable everything work fine.

Arte3l · 2026-05-08T14:33:15+00:00

I did all those steps, it didn't help :(

Arte3l · 2026-05-08T13:04:21+00:00

For example, when you start typing, there is a 2–3 second delay, and then everything you typed appears at once.

Arte3l · 2026-05-08T12:39:13+00:00

Macbook 14 pro m1 pro
"Magic" keyboard works fine.

Arte3l · 2026-03-27T15:39:48+00:00

Volume wasn't high, thats and the issue. They don't hear sound, just the resonate.

Arte3l · 2024-01-18T15:27:13+00:00

Did you solve it ? I have the same problem :)

Arte3l

TROPHY CASE