Some research that we've been doing into the Locky ransomware shows that it creates a registry key as a part of its operation. We're trying to use LANSweeper to show us what machines have Locky. Irrespective of how reliable it is to check for this key to prove\disprove Locky infestations, we're having issues with LANSweeper registry scanning.
I made the key to be checked:
https://www.dropbox.com/s/v5heqgz5bpboi03/Locky%20RegEdit.PNG?dl=0
I set LANSweeper to look there:
https://www.dropbox.com/s/r42ohe90tv2ror3/Pasted%20image%20at%202016_03_24%2011_44%20AM.png?dl=0
Here's what a PC looks like after rescanning it. The files we set it to scan for show up as false, but the registry key doesn't show up at all.
https://www.dropbox.com/s/fn92s9splx6brf1/PC%20File%20Info.PNG?dl=0
https://www.dropbox.com/s/iib7buoicolkkue/PC%20Registry%20Info.PNG?dl=0
Thoughts?